Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Gary is a mess... [Closed]


  • This topic is locked This topic is locked

#1
CGTIII

CGTIII

    Member

  • Member
  • PipPip
  • 17 posts

Thank you for helping me to help Gary on his laptop.

I've run Malwarebytes on Threat and full Custom, ADWCleaner, and JRT, but I'm sure that hasn't gotten it all.
MWB quarantined over seven thousand items on each run.

 

OTL logfile created on: 11/4/2014 7:44:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 36.62% Memory free
7.60 Gb Paging File | 4.95 Gb Available in Paging File | 65.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.99 Gb Total Space | 497.61 Gb Free Space | 85.50% Space Free | Partition Type: NTFS
Drive D: | 13.88 Gb Total Space | 1.51 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
 
Computer Name: ORGAN168 | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/04 07:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2014/10/23 15:41:39 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/09/25 10:43:09 | 000,277,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
PRC - [2014/09/12 19:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/14 17:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/07 23:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/07/31 11:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/04/16 10:00:00 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Gary\AppData\Local\Apps\2.0\3YBO7WJR.OO0\YN87R2WN.8K1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2013/01/28 01:47:16 | 000,496,840 | ---- | M] (乐视网) -- C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe
PRC - [2012/03/05 15:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 15:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/09 03:22:02 | 001,025,936 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
PRC - [2011/09/13 19:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 03:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/22 14:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/23 14:44:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/23 14:44:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/13 03:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/04 07:03:20 | 001,175,040 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._core_.pyd
MOD - [2014/11/04 07:03:20 | 001,160,704 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_ssl.pyd
MOD - [2014/11/04 07:03:20 | 001,062,400 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._controls_.pyd
MOD - [2014/11/04 07:03:20 | 000,811,008 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._windows_.pyd
MOD - [2014/11/04 07:03:20 | 000,805,888 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._gdi_.pyd
MOD - [2014/11/04 07:03:20 | 000,735,232 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._misc_.pyd
MOD - [2014/11/04 07:03:20 | 000,713,216 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_hashlib.pyd
MOD - [2014/11/04 07:03:20 | 000,686,080 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\unicodedata.pyd
MOD - [2014/11/04 07:03:20 | 000,557,056 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\pysqlite2._sqlite.pyd
MOD - [2014/11/04 07:03:20 | 000,525,640 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\windows._lib_cacheinvalidation.pyd
MOD - [2014/11/04 07:03:20 | 000,364,544 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\pythoncom27.dll
MOD - [2014/11/04 07:03:20 | 000,320,512 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32com.shell.shell.pyd
MOD - [2014/11/04 07:03:20 | 000,167,936 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32gui.pyd
MOD - [2014/11/04 07:03:20 | 000,128,512 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_elementtree.pyd
MOD - [2014/11/04 07:03:20 | 000,127,488 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\pyexpat.pyd
MOD - [2014/11/04 07:03:20 | 000,122,368 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._wizard.pyd
MOD - [2014/11/04 07:03:20 | 000,119,808 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32file.pyd
MOD - [2014/11/04 07:03:20 | 000,110,080 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\PyWinTypes27.dll
MOD - [2014/11/04 07:03:20 | 000,108,544 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32security.pyd
MOD - [2014/11/04 07:03:20 | 000,098,816 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32api.pyd
MOD - [2014/11/04 07:03:20 | 000,087,552 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_ctypes.pyd
MOD - [2014/11/04 07:03:20 | 000,078,336 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._animate.pyd
MOD - [2014/11/04 07:03:20 | 000,070,656 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\wx._html2.pyd
MOD - [2014/11/04 07:03:20 | 000,045,568 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_socket.pyd
MOD - [2014/11/04 07:03:20 | 000,038,912 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32inet.pyd
MOD - [2014/11/04 07:03:20 | 000,035,840 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32process.pyd
MOD - [2014/11/04 07:03:20 | 000,027,136 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\_multiprocessing.pyd
MOD - [2014/11/04 07:03:20 | 000,025,600 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32pdh.pyd
MOD - [2014/11/04 07:03:20 | 000,024,064 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32pipe.pyd
MOD - [2014/11/04 07:03:20 | 000,022,528 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32ts.pyd
MOD - [2014/11/04 07:03:20 | 000,018,432 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32event.pyd
MOD - [2014/11/04 07:03:20 | 000,017,408 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32profile.pyd
MOD - [2014/11/04 07:03:20 | 000,011,264 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\win32crypt.pyd
MOD - [2014/11/04 07:03:20 | 000,010,240 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\select.pyd
MOD - [2014/11/04 07:03:20 | 000,007,168 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\_MEI1242\hashobjs_ext.pyd
MOD - [2014/11/04 06:44:39 | 000,046,080 | ---- | M] () -- C:\Users\Gary\AppData\Local\Apps\2.0\3YBO7WJR.OO0\YN87R2WN.8K1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
MOD - [2014/11/04 06:43:41 | 000,043,008 | ---- | M] () -- c:\Users\Gary\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxi_xkf.dll
MOD - [2014/10/16 12:33:16 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e6af61bbf92c8ad0682a7307a6a4158d\IAStorUtil.ni.dll
MOD - [2014/10/16 11:48:41 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/16 11:48:25 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/16 11:41:38 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 11:41:25 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 11:41:13 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 11:41:06 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 11:40:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 11:39:11 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/25 10:43:04 | 000,081,056 | ---- | M] () -- C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
MOD - [2014/09/15 13:25:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ac4c46817e44dd944492753e8c7be3e5\IAStorCommon.ni.dll
MOD - [2014/09/15 12:50:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/12 19:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/31 11:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/07/15 09:03:22 | 000,541,696 | ---- | M] () -- C:\Users\Gary\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/07/13 03:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 03:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 03:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 03:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 03:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 03:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 03:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 03:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 03:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 03:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 03:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 03:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 03:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 23:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 22:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe /Service -- (ARUpdate)
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/28 11:15:29 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2014/10/22 08:57:34 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/10/22 08:57:20 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/09/25 11:15:53 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/05 15:45:06 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/11/04 21:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/05 15:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/13 19:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/18 17:37:00 | 002,372,096 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/23 14:44:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/23 14:44:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/04/02 23:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/04 00:08:08 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/27 09:15:39 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/10/22 08:58:04 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/08/25 21:26:58 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 21:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 21:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 21:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 14:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/02/20 18:14:34 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/11/05 15:45:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/11/05 15:44:46 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/31 22:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/04/20 09:45:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/04/20 09:44:52 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/04/12 21:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/11 02:50:58 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/28 11:15:31 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/28 11:13:59 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/03 13:07:48 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/12/12 13:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2014/10/27 10:02:02 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141103.034\ex64.sys -- (NAVEX15)
DRV - [2014/10/27 10:02:01 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/10/27 10:02:01 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/10/27 10:02:01 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141103.034\eng64.sys -- (NAVENG)
DRV - [2014/10/24 16:28:48 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20141103.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/23 23:31:00 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20141030.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/05 15:45:06 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{96FF05DB-ECF6-4EF7-86E2-8113B9D04F08}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{96FF05DB-ECF6-4EF7-86E2-8113B9D04F08}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{96FF05DB-ECF6-4EF7-86E2-8113B9D04F08}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.75\npxbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gyre.com/soshare: C:\Users\Gary\AppData\Roaming\Gyre\SoShare\4.4.1\npSoShare.dll (Gyre, Inc)
FF - HKCU\Software\MozillaPlugins\none.com/Base: C:\Program Files (x86)\Letv\letvlive\npBase.dll (letv)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn\ [2014/11/04 06:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Users\Gary\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.75\npxbdyy.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\2.0.4_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo\2.0.5_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibglneghaikopnpgcffpnlkbmgbealg\1.1.5.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.3_1\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc\2.1.1_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.20_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm\1_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.7_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhhejjkjfjkchkimomgfegnpapndjne\0.4.4_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.6_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd\0.163_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok\1.9.4_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.7_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.7.5.8_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik\6.6_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (IEHelper Search) - {6252875D-0A79-6B27-BC6A-E3BC86BDAE78} - C:\Program Files (x86)\Letv\letvlive\Ieminiesrs.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LetvHClient] C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe (乐视网)
O4 - HKLM..\Run: [LetvHClient.exe] C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe (乐视网)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [BAIDUMEDIA] C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.75\BaiduPlayer.exe minimize File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Loader] C:\Program Files (x86)\Letv\letvlive\LeTVLoader.exe (乐视网信息技术(北京)股份有限公司)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{147A5760-62D9-4341-B00E-FA630A49799D}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97F9D93C-6D8E-431F-B1D8-86785356B690}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/04 07:28:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2014/11/04 07:03:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/11/04 06:46:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/04 06:33:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/11/04 06:32:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/04 06:29:10 | 001,706,359 | ---- | C] (Thisisu) -- C:\Users\Gary\Desktop\JRT.exe
[2014/11/03 23:01:33 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/03 23:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/03 23:01:10 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/03 23:01:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/03 23:01:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/03 23:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/03 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/29 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\LogMeIn
[2014/10/29 11:19:58 | 000,035,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2014/10/29 11:19:57 | 000,107,392 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2014/10/29 11:19:57 | 000,107,368 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2014/10/29 11:19:57 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2014/10/29 11:19:51 | 000,092,520 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2014/10/29 11:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2014/10/27 09:24:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/04 07:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2014/11/04 07:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/04 07:03:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/04 06:51:08 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/04 06:51:08 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/04 06:47:14 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000UA.job
[2014/11/04 06:47:10 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/04 06:47:10 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/04 06:47:10 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/04 06:43:58 | 000,000,408 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms
[2014/11/04 06:42:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/04 06:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/04 06:40:45 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/04 06:29:11 | 001,706,359 | ---- | M] (Thisisu) -- C:\Users\Gary\Desktop\JRT.exe
[2014/11/04 06:28:55 | 001,375,089 | ---- | M] () -- C:\Users\Gary\Desktop\AdwCleaner.exe
[2014/11/04 00:08:08 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/03 23:53:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGary.job
[2014/11/03 22:51:49 | 002,487,356 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/11/03 16:57:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000Core.job
[2014/11/03 15:51:09 | 000,002,427 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
[2014/11/03 15:51:08 | 000,002,425 | ---- | M] () -- C:\Users\Gary\Desktop\Google Chrome Canary.lnk
[2014/11/03 10:22:39 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/11/03 10:21:04 | 000,048,844 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/30 11:24:25 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/10/30 09:47:54 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\REGSERVO.job
[2014/10/28 15:50:57 | 000,002,359 | ---- | M] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2014/10/27 09:15:39 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/27 09:15:39 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/27 09:15:39 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/23 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2014/10/22 08:58:04 | 000,107,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2014/10/22 08:57:46 | 000,035,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2014/10/22 08:57:44 | 000,092,520 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2014/10/16 11:54:19 | 000,004,392 | ---- | M] () -- C:\{ECACB399-7C4C-49D6-8FBA-6ECE59795445}
[2014/10/16 11:23:08 | 000,348,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/09 15:01:23 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForORGAN168$.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/04 06:28:47 | 001,375,089 | ---- | C] () -- C:\Users\Gary\Desktop\AdwCleaner.exe
[2014/10/30 11:24:45 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
[2014/10/30 11:24:32 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
[2014/10/29 11:19:45 | 000,001,024 | ---- | C] () -- C:\.rnd
[2014/10/16 11:54:19 | 000,004,392 | ---- | C] () -- C:\{ECACB399-7C4C-49D6-8FBA-6ECE59795445}
[2013/04/20 09:45:29 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/30 12:29:12 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\360Login
[2013/05/03 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\360SuperKiller
[2011/09/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Blio
[2014/11/04 06:44:02 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Dropbox
[2013/02/18 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Gyre
[2014/01/30 03:01:08 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Letv
[2013/07/15 12:56:06 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\LmpPlayer
[2013/02/20 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SoShare
[2011/09/01 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Synaptics
[2011/09/02 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Tific
[2011/09/29 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\WeatherBug
[2011/09/01 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/10/24 18:52:13 | 000,000,115 | ---- | M] ()(C:\Users\Gary\Desktop\???.url) -- C:\Users\Gary\Desktop\蝦滾網.url
[2011/10/24 18:52:13 | 000,000,115 | ---- | C] ()(C:\Users\Gary\Desktop\???.url) -- C:\Users\Gary\Desktop\蝦滾網.url
[2011/10/24 14:24:19 | 000,001,287 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\百度影音.lnk
[2011/10/24 14:24:18 | 000,001,287 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\百度影音.lnk
[2011/09/08 18:30:25 | 000,000,000 | ---D | M](C:\Users\Gary\Documents\????) -- C:\Users\Gary\Documents\都市更新
[2011/09/08 18:26:14 | 000,000,000 | ---D | C](C:\Users\Gary\Documents\????) -- C:\Users\Gary\Documents\都市更新
[2011/09/08 18:22:43 | 000,872,960 | ---- | C] ()(C:\Users\Gary\Desktop\?????.xls) -- C:\Users\Gary\Desktop\百年農民曆.xls
[2008/11/12 12:21:00 | 000,872,960 | ---- | M] ()(C:\Users\Gary\Desktop\?????.xls) -- C:\Users\Gary\Desktop\百年農民曆.xls
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??e??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜搜e点通
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度影音

< End of report >
 

OTL Extras logfile created on: 11/4/2014 7:44:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 36.62% Memory free
7.60 Gb Paging File | 4.95 Gb Available in Paging File | 65.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.99 Gb Total Space | 497.61 Gb Free Space | 85.50% Space Free | Partition Type: NTFS
Drive D: | 13.88 Gb Total Space | 1.51 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
 
Computer Name: ORGAN168 | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BD3760-3993-4321-91F1-19AACE2925FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{020C8C80-085B-4A9B-93BE-4C55F35627BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E411EB7-C2E9-4E32-A2B3-188F87A24BF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1117C3F4-ABE9-4FF5-808F-58DE420196A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1CB30244-312C-485F-B30E-94149731359A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F6AEA0E-4D70-4020-92B3-F7F28C93B266}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34B4FA8C-F4D3-49D7-82CC-4619FC0BBC0E}" = lport=5353 | protocol=17 | dir=in | app=c:\users\gary\appdata\local\google\chrome\application\chrome.exe |
"{3C5AF336-59CD-4272-91D2-4A2775DB5A4E}" = lport=138 | protocol=17 | dir=in | app=system |
"{457AC78C-F9E5-4A05-8ADA-BB68654CC317}" = rport=445 | protocol=6 | dir=out | app=system |
"{45EFBB9A-E789-49BB-8124-15B6B5F0AEB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51694FAF-5675-4045-B177-3B3AB90D9ADA}" = lport=5353 | protocol=17 | dir=in | app=c:\users\gary\appdata\local\google\chrome sxs\application\chrome.exe |
"{59E7EC64-03D0-41C5-A276-77591E9D255A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BBDE7EF-43F7-49CC-8FE9-69AEDDAB0BF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F1FDA16-24BD-41A5-9072-D0FBEBE43A66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607700FF-65B4-4326-8625-2543571E76A8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{61909BD2-6A0D-4472-A75B-FA9F00E78F3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{71A2176C-EE5E-4ACD-ACD2-B6CD6FFAAE54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75288127-D4D1-45F7-B0D7-BB1481FD00A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79BCAB8F-769E-401B-B9A5-174847A99930}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A4913AF-B451-40BE-84C3-41FA29DE5720}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{809ABFCE-9F72-486C-A065-3765FC7D6D23}" = rport=139 | protocol=6 | dir=out | app=system |
"{827946C0-184A-45F5-8F28-45741413FF96}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E28FD36-D2E2-4D1C-B7BB-39D006F83DA2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{941F67EB-973F-4488-B552-FA0EFEAF5E6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0DD7418-19E3-4B7E-A557-EFA89B1F9098}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3355017-A016-4A16-864B-0A7BF195E5FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AB83B7AB-75DF-41BA-925B-EB93B0D27D67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD9EEB74-8723-4CED-991B-0B1AE8607708}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B80B2CCF-1B86-47F7-B692-B6F359B292B3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C3DB1505-0CC0-4A4C-95DD-9794465A76F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBDDEF7C-CAC8-425A-BB90-A3CD527AABA6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC59F366-760C-4EB8-B6C6-B39BD4E918FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE25F131-5CDD-4339-A2BF-BECAD64BF132}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D35B8B78-8C7C-40A8-8327-603D4D1C312D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D68A3BDC-FC3D-4EFC-BAF7-82E075BC5660}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A62BF-BA8B-4B5A-982D-8D12803466B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0266E45F-ABCE-448E-964B-06A0B3AFB263}" = protocol=6 | dir=out | app=system |
"{03A48E33-72CD-4B0C-8BB5-F90302604EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{04C9608C-6299-45A8-8C6B-384AA69FF562}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{074DCE25-D67B-4AA4-B9BD-657E71412EF0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{093F1ADB-9703-42C3-A61A-8F332FD2D5EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{11093DB4-B3CF-4363-B672-EF2DDCB6F69A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11B41337-1C2C-4210-BCB7-CA3F2808CBBF}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{146721DD-4494-464A-8A92-BBA2CF1D76F1}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{16171AE9-30A2-45F4-90FF-7556C5602AFB}" = protocol=58 | dir=in | [email protected],-28545 |
"{184C378B-176C-464A-8E1E-A6250A8D98E8}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~5\ie\dtuser.exe |
"{23739B16-D3D9-4A78-83D6-20A1E14B010F}" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\soshare\soshare.exe |
"{25F18AF7-66B6-415B-BD70-4AC70F868613}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~2\ie\dtuser.exe |
"{28EBAA9A-1700-4348-816B-0C40AF47CCFD}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~2\ie\dtuser.exe |
"{2AE6A186-C08A-41A4-ADC5-485C62260C14}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{2F26660C-F25C-4DCD-B698-721C5B564980}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~3\ie\dtuser.exe |
"{30641FF7-4D21-4286-AA73-6455400449AB}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~2\ie\dtuser.exe |
"{3110CDFF-BA79-4A8B-BAC1-D463CF2EA6EA}" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"{315D89EA-1674-4F97-9A29-9990A1B2D46A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{321B90A5-6665-46B1-8282-9024CD55ABC1}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{388E8BE1-276C-4C52-A995-DCC2A67F7AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38AA2CFF-AFCC-456F-92C6-479EA2B41927}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{3DA674BD-0670-48E9-8522-4D92D497625A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FB954B6-F3DF-4F21-AC47-D14BC5C9DCC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{418804B7-04D3-4A80-B40A-87C85F3C5184}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{457B21AE-51E9-4A31-995C-21ACF6860F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~4\ie\dtuser.exe |
"{4A8BE795-D211-4DE8-845D-D3DD0E7EBBCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BA80439-DDDA-4635-A64E-3562A3FFD82C}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~4\ie\dtuser.exe |
"{4DE8B1E3-E0BB-4746-AA82-2B5007662C74}" = protocol=58 | dir=out | [email protected],-28546 |
"{4E64604D-5BEC-4AFF-9E92-1E65B3E385EB}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~3\ie\dtuser.exe |
"{4EE59B68-0C95-463B-B3D2-2BC8A6EC2FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{541A17A1-637F-43B3-8611-F37B0F7CEFD2}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~1\ie\dtuser.exe |
"{5F5FF2D2-BB4A-4F1E-A0D4-4A7DCB5C64A9}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.75\statreport.exe |
"{708CA78F-4897-4AFA-AD90-554C261779CD}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{720D2AB3-BB63-484E-8903-FD6C5C8D050F}" = protocol=1 | dir=out | [email protected],-28544 |
"{720E98D2-8E43-4AB6-9306-4CE966DBFDB4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{723C781A-E8D1-44B8-9003-390F5E915102}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{7298CC6A-35F6-467B-842C-698C1858CCA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{76D186A6-7A73-4C1C-B51C-6F9783D4DB14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{78D51832-10E0-4543-8213-2C905B43AD1F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{794510CF-E52D-4F76-BFA2-0C1E43D695BA}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~2\ie\dtuser.exe |
"{7A38FFDC-9B0A-4B6A-8387-A42163133FAC}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{7B1F363B-5EDE-42AA-B803-C8B1D949B3D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DAF9F2C-1A3D-4558-A2D7-AAAC7E69ABEB}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{82DA0671-3C51-47AB-86C7-C99D1725B8F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83FA9753-70D4-4648-94B2-06FF2113009E}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~4\ie\dtuser.exe |
"{842DEFA7-F22C-4BA8-A5DE-E931F9FBD99A}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{87727F95-1D7E-4D1B-B3B7-7F703EA3696B}" = protocol=1 | dir=in | [email protected],-28543 |
"{90701048-0F35-44BC-BDBD-D169AE740222}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92894641-36AA-4F7A-AB28-9ACF97FA4CC0}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~1\ie\dtuser.exe |
"{AB36A7A7-6A35-4575-8741-5E35D6204F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~3\ie\dtuser.exe |
"{AC7F6EE2-0DDE-4E9E-84BF-5A1F8D35A27A}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\srtool~4\ie\dtuser.exe |
"{B0F79FF2-943E-4B3B-AA4F-118F9D13E763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B885ADF1-253C-4C7F-BA5E-ED1A6C67B449}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.75\baidup2pservice.exe |
"{BB946D2F-6323-4D26-B33F-3AF97683B504}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDFDAD36-BD69-4189-AFF4-9CADA3FDB22C}" = protocol=6 | dir=in | app=c:\users\gary\appdata\local\microsoft\skydrive\skydrive.exe |
"{C1302FAA-EB1B-4F84-9A74-BB936879AB13}" = protocol=17 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~5\ie\dtuser.exe |
"{C1DFE2B9-1C5E-415D-A5BB-6BBEF8C153B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2091C8C-6E92-4638-925A-7B178BC8C30F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D389323C-E47B-46EA-AFE6-5BA096A265E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D46A5255-0EFF-427A-ADBA-E63514D05352}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{DB4CFF67-08B0-4999-A6F6-FB4ABCE03181}" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\soshare\soshare.exe |
"{DE9824C7-0ACF-4D63-8698-6A1664F12C59}" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0DE0608-CAE1-4022-A159-62DCC94B1406}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{E256DF78-FF60-4849-86CF-A0F3F92A1AD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E647AED5-7EA5-46A7-8AAA-746E7E1BA558}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.75\baiduplayer.exe |
"{EAEAE6DE-0EC8-4955-8D56-839BAA0D3C65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECA00696-FE29-4540-A2DE-5625701B2FEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECAEC107-9912-4DB1-B6D2-30AFE7D209DA}" = protocol=17 | dir=in | app=c:\users\gary\appdata\local\microsoft\skydrive\skydrive.exe |
"{ECC899E0-E6D5-44B2-9728-2CF5CB93F276}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F4C0CE8D-20C8-4E3C-941C-2F013C6B60E1}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{F75257CC-FDCD-49DC-BECF-DFDC6D63F8C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9BC4C5B-F936-476F-B596-8097FA552E48}" = protocol=6 | dir=in | app=c:\program files (x86)\music toolbar\datamngr\sr0de8~3\ie\dtuser.exe |
"TCP Query User{00F09C6C-984F-448B-AE6C-7F339C4F66B3}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"TCP Query User{9E989F82-4E0B-400A-B375-65166B1226E6}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"UDP Query User{67FA1168-AF5B-4B37-926E-CD53DDA6DFAC}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"UDP Query User{F0AA8851-27D5-4041-9FFB-6992D1F721D9}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13E1EA74-8BA3-49F5-885C-4ACF20CB361C}" = dupeGuru
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Microsoft Security Client" = Microsoft Security Essentials
"REGSERVO" = REGSERVO
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A7F9F3C-5119-4AEA-A92C-260C2B265A18}" = SoShare Plugin
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99CEB89F-50EC-4979-BDF6-148645D7EB35}" = HP Documentation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C60F3836-333A-4AE2-B526-CFDBA143A9BA}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCC101B1-29E9-48E3-9577-85809BB80D42}_is1" = ¾Å¿áÒôÀÖÍø °æ±¾ 1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F099EA75-A298-4A13-93CB-D2446436B137}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ÀÖÊÓÍøÂçµçÊÓ" = ÀÖÊÓÍøÂçµçÊÓ V6.6.0.65
"AVS Document Converter_is1" = AVS Document Converter 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BaiduPlayer" = 百度影音1.0.23.75
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LINE" = LINE
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"N360" = Norton 360
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"QQToolbar" = SOSO工具栏
"QvodPlayer" = QvodPlayer 5.0.77
"SOSOUpdate" = ËÑË÷¸üзþÎñ
"Tencent Browser Helper" = SOSO AddressBar Search
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google Chrome SxS" = Google Chrome Canary
"OneDriveSetup.exe" = Microsoft OneDrive
"SoShare" = SoShare
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/4/2014 8:43:29 AM | Computer Name = Organ168 | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 728    Start Time:
 01cff82b3a577026    Termination Time: 3    Application Path: C:\Users\Gary\Desktop\OTL.exe

Report
 Id:   
 
[ Hewlett-Packard Events ]
Error - 4/28/2012 7:01:20 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 3893  Ram Utilization: 50  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 4/28/2012 7:01:40 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 4/28/2012 7:01:40 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 5/14/2012 12:46:54 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 5/14/2012 1:09:15 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 5/14/2012 1:12:58 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 5/14/2012 1:15:40 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/27/2012 4:00:20 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/10/2012 11:26:55 AM | Computer Name = Organ168 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 3893  Ram Utilization: 70  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 12/10/2012 9:14:26 PM | Computer Name = Organ168 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3893
Ram
 Utilization: 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Connection Manager Events ]
Error - 10/31/2014 3:25:12 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:12.984|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:22 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:22.983|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:24 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:24.980|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:26 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:26.977|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:29 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:29.520|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:30 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:30.986|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:36 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:36.977|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:38 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:38.973|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:42 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:42.983|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10/31/2014 3:25:44 PM | Computer Name = Organ168 | Source = hpCMSrv | ID = 5
Description = 2014/10/31 15:25:44.979|00001B54|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Software Framework Events ]
Error - 7/7/2012 10:24:26 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/07 07:24:26.513|000016DC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/7/2012 10:24:29 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/07 07:24:29.879|00000A00|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/21/2012 10:36:25 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/21 07:36:25.305|00001610|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/21/2012 10:37:53 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/21 07:37:53.673|00001890|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/21/2012 10:37:55 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/21 07:37:55.310|00001DF0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/28/2012 10:28:07 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/28 07:28:07.398|000005F0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/28/2012 10:28:10 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/07/28 07:28:10.364|00001940|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 9/3/2012 7:07:18 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/09/03 04:07:18.315|000022E4|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 9/3/2012 7:07:20 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/09/03 04:07:20.060|00001A40|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 10/14/2012 12:51:23 AM | Computer Name = Organ168 | Source = CaslSmBios | ID = 5
Description = 2012/10/13 21:51:23.663|00001F74|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
[ System Events ]
Error - 11/4/2014 8:26:20 AM | Computer Name = Organ168 | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


Edited by CGTIII, 04 November 2014 - 10:45 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could I have a fresh look at your system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thank you Essexboy. Here are the latest.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Gary (administrator) on ORGAN168 on 10-11-2014 19:22:13
Running from C:\Users\Gary\Desktop
Loaded Profile: Gary (Available profiles: Gary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Amazon Digital Services, LLC.) C:\Users\Gary\AppData\Local\Apps\2.0\3YBO7WJR.OO0\YN87R2WN.8K1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Shenzhen QVOD Technology Co.,Ltd) C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(乐视网) C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe
(Google Inc.) C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Sun Microsystems, Inc.) C:\Users\Gary\AppData\Local\Apps\2.0\3YBO7WJR.OO0\YN87R2WN.8K1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-12-11] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-11-28] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [QvodTerminal] => C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe [1025936 2011-10-09] (Shenzhen QVOD Technology Co.,Ltd)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LetvHClient] => C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe [496840 2013-01-28] (乐视网)
HKLM-x32\...\Run: [LetvHClient.exe] => C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe [496840 2013-01-28] (乐视网)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [Google Update] => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [BAIDUMEDIA] => C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.75\BaiduPlayer.exe minimize
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [SkyDrive] => C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [Loader] => C:\Program Files (x86)\Letv\letvlive\LeTVLoader.exe [733896 2014-02-26] (乐视网信息技术(北京)股份有限公司)
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {96FF05DB-ECF6-4EF7-86E2-8113B9D04F08} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {96FF05DB-ECF6-4EF7-86E2-8113B9D04F08} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKCU - {96FF05DB-ECF6-4EF7-86E2-8113B9D04F08} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: IEHelper Search -> {6252875D-0A79-6B27-BC6A-E3BC86BDAE78} -> C:\Program Files (x86)\Letv\letvlive\Ieminiesrs.dll ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-14] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.75\npxbdyy.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1536182980-2452873588-134899528-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1536182980-2452873588-134899528-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1536182980-2452873588-134899528-1000: gyre.com/soshare -> C:\Users\Gary\AppData\Roaming\Gyre\SoShare\4.4.1\npSoShare.dll (Gyre, Inc)
FF Plugin HKU\S-1-5-21-1536182980-2452873588-134899528-1000: none.com/Base -> C:\Program Files (x86)\Letv\letvlive\npBase.dll (letv)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\coFFPlgn [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\IPSFF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com.tw/
CHR StartupUrls: Default -> "hxxp://tw.yahoo.com/", "hxxp://tunein.com/radio/Hit-FM-1077-s10677/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Send using Gmail™ (no button)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2012-03-19]
CHR Extension: (Nice Day (weather)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2011-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Muphin) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibglneghaikopnpgcffpnlkbmgbealg [2013-06-28]
CHR Extension: (YOUZEEK Free Music) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2013-04-04]
CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2013-11-25]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-06-07]
CHR Extension: (Adblock Plus) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-07]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2014-07-25]
CHR Extension: (Google Calendar) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-03-19]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2012-07-20]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2012-06-05]
CHR Extension: (QCLean:Remove Facebook Ad,Suggested Page&Post) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhhejjkjfjkchkimomgfegnpapndjne [2014-01-06]
CHR Extension: (The QR Code Generator) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-07-20]
CHR Extension: (Flixster) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2012-02-13]
CHR Extension: (Pixlr Editor) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2012-06-11]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2012-05-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-03]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-07-28]
CHR Extension: (Google Play) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-04-04]
CHR Extension: (Anvi AdBlock) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppcbdfilodknoglpjofcnebiggbdflo [2014-06-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Facebook Messenger) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-07-03]
CHR Extension: (Quick Note) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2012-06-04]
CHR Extension: (Sunrise Calendar) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Picasa) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2012-05-14]
CHR Extension: (Unblock Youku) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2012-10-23]
CHR Extension: (Outlook.com) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-06-07]
CHR Extension: (Streak for Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2014-08-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S2 ARUpdate; "C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe" /Service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-23] (Symantec Corporation)
R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-10-24] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141110.003\ENG64.SYS [129752 2014-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141110.003\EX64.SYS [2137304 2014-10-27] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 19:22 - 2014-11-10 19:22 - 00029312 _____ () C:\Users\Gary\Desktop\FRST.txt
2014-11-10 19:22 - 2014-11-10 19:22 - 00000000 ____D () C:\FRST
2014-11-10 19:21 - 2014-11-10 19:21 - 02116096 _____ (Farbar) C:\Users\Gary\Desktop\frst64.exe
2014-11-04 17:07 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-04 17:07 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-04 17:07 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-04 17:07 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-04 14:12 - 2014-11-04 14:12 - 00002351 _____ () C:\Users\Gary\Desktop\Chrome App Launcher.lnk
2014-11-04 07:52 - 2014-11-04 07:52 - 00132012 _____ () C:\Users\Gary\Desktop\OTL.Txt
2014-11-04 07:52 - 2014-11-04 07:52 - 00091622 _____ () C:\Users\Gary\Desktop\Extras.Txt
2014-11-04 07:28 - 2014-11-04 07:28 - 00602112 _____ (OldTimer Tools) C:\Users\Gary\Desktop\OTL.exe
2014-11-04 06:50 - 2014-11-04 06:50 - 00003086 _____ () C:\Users\Gary\Desktop\JRT.txt
2014-11-04 06:46 - 2014-11-04 06:46 - 00000000 ____D () C:\Windows\ERUNT
2014-11-04 06:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-04 06:32 - 2014-11-04 06:39 - 00000000 ____D () C:\AdwCleaner
2014-11-04 06:29 - 2014-11-04 06:29 - 01706359 _____ (Thisisu) C:\Users\Gary\Desktop\JRT.exe
2014-11-04 06:28 - 2014-11-04 06:28 - 01375089 _____ () C:\Users\Gary\Desktop\AdwCleaner.exe
2014-11-03 23:14 - 2014-11-03 23:14 - 02347384 _____ (ESET) C:\Users\Gary\Downloads\esetsmartinstaller_enu.exe
2014-11-03 23:01 - 2014-11-10 18:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 23:01 - 2014-11-03 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-03 23:01 - 2014-11-03 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-03 23:01 - 2014-11-03 23:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-03 23:01 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-03 23:01 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-03 23:01 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 22:56 - 2014-11-03 22:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Gary\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-03 22:51 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-03 22:51 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-03 22:51 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-03 22:51 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-03 22:51 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-03 22:51 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-03 22:51 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-03 22:51 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-03 22:51 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-03 22:51 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-03 22:51 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-03 22:51 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-03 22:51 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-03 22:51 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-03 22:51 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-03 22:51 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-03 22:50 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-03 22:50 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-03 22:50 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-11-03 22:50 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-03 22:50 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-03 10:29 - 2014-11-03 10:29 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-30 11:24 - 2014-11-05 03:20 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-30 11:24 - 2014-11-05 03:20 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 ____D () C:\Users\Gary\AppData\Local\LogMeIn
2014-10-29 11:19 - 2014-10-30 11:24 - 00001024 _____ () C:\.rnd
2014-10-29 11:19 - 2014-10-30 11:24 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-29 11:19 - 2014-10-22 08:58 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-29 11:19 - 2014-10-22 08:57 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-29 11:19 - 2014-10-22 08:57 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-29 11:19 - 2013-12-10 14:15 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-29 11:19 - 2013-11-05 15:45 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-10-29 11:09 - 2014-10-29 11:15 - 20489480 _____ () C:\Users\Gary\Downloads\LogMeIn.exe
2014-10-27 09:24 - 2014-11-03 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-16 11:54 - 2014-10-16 11:54 - 00004392 _____ () C:\{ECACB399-7C4C-49D6-8FBA-6ECE59795445}
2014-10-15 10:13 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 10:13 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 10:13 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 10:13 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 10:13 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 10:13 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 10:13 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 10:12 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 10:12 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 10:12 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 10:12 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 10:12 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 10:12 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 10:12 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 10:12 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 10:12 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 10:12 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 10:12 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 10:12 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 10:12 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 10:12 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 10:12 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 10:12 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 10:12 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 10:12 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 10:12 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 10:12 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 10:12 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 10:12 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 10:12 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 10:12 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 10:12 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 10:12 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 10:12 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 10:12 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 10:12 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 10:12 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 10:12 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 10:12 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 10:12 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 10:12 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 10:12 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 10:12 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 10:12 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 10:12 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 10:12 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 10:12 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 10:12 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 10:12 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 10:12 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 10:12 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 10:12 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 10:12 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 10:12 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 10:12 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 10:12 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 10:12 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 10:12 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 10:12 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 10:12 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 10:12 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 10:12 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 10:12 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 10:12 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 10:12 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 10:12 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 10:12 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 10:12 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 10:12 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 10:12 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 10:12 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 10:12 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 10:12 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 10:12 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 10:12 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 10:12 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 10:12 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 10:12 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 10:12 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 10:12 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 10:12 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 10:12 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 10:12 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 10:12 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 10:12 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 10:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 10:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 10:12 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 10:12 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 10:12 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 10:12 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 10:12 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 10:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 10:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 10:12 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 10:12 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 10:12 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 10:12 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 10:12 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 10:12 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 10:12 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 10:12 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 10:12 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 10:11 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 10:11 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 10:11 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 10:11 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:11 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 10:11 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 10:11 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 10:11 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 10:11 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 10:11 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 10:11 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 10:11 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 10:11 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 10:11 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 10:11 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 10:11 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 10:11 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 19:10 - 2012-05-21 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 19:09 - 2011-09-01 16:59 - 00000000 ____D () C:\Users\Gary\AppData\Local\Deployment
2014-11-10 19:09 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 19:09 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 19:07 - 2011-10-26 19:14 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-11-10 18:56 - 2011-11-11 17:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 18:47 - 2011-09-01 16:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000UA.job
2014-11-10 18:41 - 2014-01-20 18:52 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGary
2014-11-10 18:41 - 2014-01-20 18:52 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForGary.job
2014-11-10 18:40 - 2011-10-23 00:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-10 18:40 - 2011-09-05 16:06 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-10 18:10 - 2011-09-02 16:16 - 00000000 ____D () C:\Users\Gary\Documents\Outlook Files
2014-11-10 18:09 - 2013-10-10 15:11 - 00000000 ____D () C:\Users\Gary\AppData\Local\1267DAD7-F9D0-4E49-AE0B-D9F21815E04D.aplzod
2014-11-10 18:09 - 2011-09-01 16:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000Core.job
2014-11-10 16:03 - 2012-04-17 12:43 - 00000000 ____D () C:\Users\Gary\Documents\1Listings
2014-11-10 16:03 - 2011-10-12 01:03 - 02180085 _____ () C:\Users\Gary\Documents\Green Book 2010-2014.xlsx
2014-11-10 15:54 - 2011-10-03 12:59 - 00980966 _____ () C:\Users\Gary\Documents\Check Received Report.xlsx
2014-11-10 15:34 - 2012-04-09 13:48 - 00000000 ___RD () C:\Users\Gary\Dropbox
2014-11-10 14:57 - 2012-04-12 12:06 - 00663667 _____ () C:\Users\Gary\Documents\Contract Pricing Per SF-A-2014.xlsx
2014-11-10 14:48 - 2014-06-10 10:49 - 00002425 _____ () C:\Users\Gary\Desktop\Google Chrome Canary.lnk
2014-11-10 14:07 - 2012-04-12 11:53 - 04801516 _____ () C:\Users\Gary\Documents\Payment Chart 2011-2014.xlsx.xlsx
2014-11-10 10:58 - 2011-12-30 03:36 - 02086225 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 10:01 - 2012-09-11 15:45 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForORGAN168$
2014-11-10 10:01 - 2012-09-11 15:45 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForORGAN168$.job
2014-11-10 09:59 - 2011-11-11 17:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 09:50 - 2011-09-01 16:57 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{05EEBBA4-F754-452A-8F2D-F87D7CFF328A}
2014-11-10 09:47 - 2012-05-15 16:47 - 00000000 ___RD () C:\Users\Gary\SkyDrive
2014-11-10 09:46 - 2014-04-16 09:29 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-10 09:46 - 2011-10-12 01:18 - 00000336 _____ () C:\Windows\Tasks\Regwork.job
2014-11-06 10:43 - 2013-11-07 13:29 - 00000380 _____ () C:\Windows\Tasks\REGSERVO.job
2014-11-05 11:27 - 2011-09-02 15:48 - 00000000 ____D () C:\Users\Gary\Documents\Installer Payment
2014-11-05 10:38 - 2012-04-28 18:05 - 00000000 ___RD () C:\Users\Gary\Google Drive
2014-11-05 10:38 - 2012-04-09 13:45 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Dropbox
2014-11-05 03:24 - 2009-07-14 00:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 03:20 - 2011-09-03 13:02 - 00017590 _____ () C:\Windows\setupact.log
2014-11-05 03:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 14:12 - 2011-09-01 17:03 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-04 10:19 - 2011-09-06 18:52 - 00800096 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-04 07:03 - 2012-04-28 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 06:40 - 2011-09-03 13:16 - 01975976 _____ () C:\Windows\PFRO.log
2014-11-04 03:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-03 23:53 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-03 23:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-03 22:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-03 10:24 - 2011-11-01 12:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-11-03 10:23 - 2012-04-26 11:36 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-03 10:22 - 2011-11-01 12:11 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-30 10:48 - 2012-08-24 14:30 - 00000000 ____D () C:\Users\Gary\Desktop\Alice
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 22:37 - 2011-11-01 13:03 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps
2014-10-28 15:50 - 2011-09-01 17:03 - 00002359 _____ () C:\Users\Gary\Desktop\Google Chrome.lnk
2014-10-27 10:06 - 2011-09-02 16:16 - 00000000 ____D () C:\Users\Gary\Documents\Garbage Can
2014-10-27 09:15 - 2011-11-01 12:11 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 09:15 - 2011-11-01 12:11 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 09:13 - 2011-11-01 12:10 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-23 19:51 - 2011-11-11 17:08 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 19:51 - 2011-11-11 17:08 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 15:42 - 2011-09-01 16:59 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000UA
2014-10-23 15:42 - 2011-09-01 16:59 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000Core
2014-10-17 14:34 - 2013-01-19 18:09 - 00000000 ____D () C:\Users\Gary\Desktop\Temp
2014-10-16 11:31 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 11:23 - 2009-07-13 23:45 - 00348608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 11:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 11:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 11:14 - 2014-05-07 09:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 10:50 - 2011-09-01 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 10:39 - 2013-08-15 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 10:05 - 2011-09-06 11:53 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gary\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpao_mfz.dll
C:\Users\Gary\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_l7t3p.dll
C:\Users\Gary\AppData\Local\Temp\ose00000.exe
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Gary\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Gary\AppData\Local\Temp\SymcPCCUInstaller.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:09

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Gary at 2014-11-10 19:23:02
Running from C:\Users\Gary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

¾Å¿áÒôÀÖÍø °æ±¾ 1.0 (HKLM-x32\...\{CCC101B1-29E9-48E3-9577-85809BB80D42}_is1) (Version: 1.0 - ¾Å¿áÒôÀÖÍø)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
ÀÖÊÓÍøÂçµçÊÓ V6.6.0.65 (HKLM-x32\...\ÀÖÊÓÍøÂçµçÊÓ) (Version: V6.6.0.65 - ÀÖÊÓÍøÐÅÏ¢¼¼Êõ£¨±±¾©£©¹É·ÝÓÐÏÞ¹«Ë¾.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Document Converter 2.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Dropbox (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
dupeGuru (HKLM\...\{13E1EA74-8BA3-49F5-885C-4ACF20CB361C}) (Version: 3.8.0 - Hardcoded Software)
ËÑË÷¸üзþÎñ (HKLM-x32\...\SOSOUpdate) (Version: 6.1.4.0 - ÌÚѶ¿Æ¼¼£¨ÉîÛÚ£©ÓÐÏÞ¹«Ë¾)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\Google Chrome SxS) (Version: 41.0.2216.0 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{99CEB89F-50EC-4979-BDF6-148645D7EB35}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.7.0.34 - LINE Corporation)
LogMeIn (HKLM-x32\...\{F099EA75-A298-4A13-93CB-D2446436B137}) (Version: 4.1.3888 - LogMeIn, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QvodPlayer 5.0.77 (HKLM-x32\...\QvodPlayer) (Version: 5.0.77 - Shenzhen Qvod Technology Co.,Ltd)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
REGSERVO (HKLM\...\REGSERVO) (Version: 1.0.9.7 - Tuneup System Software Pvt Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SoShare (HKU\S-1-5-21-1536182980-2452873588-134899528-1000\...\SoShare) (Version: 4.2.5.28657 - Gyre, Inc.)
SoShare Plugin (HKLM-x32\...\{0A7F9F3C-5119-4AEA-A92C-260C2B265A18}) (Version: 4.4.1 - Gyre, Inc)
SOSO AddressBar Search (HKLM-x32\...\Tencent Browser Helper) (Version: 6.3.4.1 - Tencent Technology (Shenzhen)Company Limited )
SOSO工具栏 (HKLM-x32\...\QQToolbar) (Version: 4.1.20.10 - 腾讯科技(深圳)有限公司)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
百度影音1.0.23.75 (HKLM-x32\...\BaiduPlayer) (Version: 1.0.23 - http://www.baidu.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Gary\AppData\Local\Google\Chrome SxS\Application\41.0.2216.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1536182980-2452873588-134899528-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

31-10-2014 14:07:12 Windows Update
03-11-2014 15:40:04 Windows Update
04-11-2014 03:47:48 Windows Update
05-11-2014 08:00:19 Windows Update
06-11-2014 08:00:17 Windows Update
10-11-2014 14:58:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01AE1100-CA2D-4508-9CC5-D3B33069D1C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {13FA4C53-8A13-42C1-B337-01118D2F05B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {34D892F9-072A-4FC9-9671-C8C709F72D73} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {35A545A0-F3BE-4E80-93EC-A5B9B7DCEA10} - System32\Tasks\Regwork => C:\Program Files (x86)\RegWork\RegWork.exe
Task: {3AA366BF-EB6C-49DB-9F06-CD3F836D8791} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4621C219-A67C-44BF-954C-84234DCA0E3B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {71232136-1A7E-4298-913C-1FF67FB4D52F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {783EBBAE-849A-428A-A14F-E112B92E6488} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7AB5DC7E-50A8-4A27-908E-B699BC32E445} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {81D7440C-EEF9-4EC8-BF31-7B8843983EF0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {84DE07C3-73D1-4D3F-B075-89E2EEE7CBC0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8734F392-FBDE-4366-97C2-1408BBBDAAFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {88706E7A-A51A-48A6-A3CB-9980A0FC80B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {8D4928C2-7E45-4FC9-BA17-4A7B88E77A21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {90FC33DF-1F05-4277-9949-5257F04B3D99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {92AB487B-77A1-4A59-98B5-BFACFC002C60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {9367E642-F6A3-4AB9-B480-AA48C9A3AD6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3086F8A-EE88-4583-BC00-BAB17E151A42} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe [2013-06-05] (Tuneup System Software Pvt Ltd.) <==== ATTENTION
Task: {AA2E828C-4129-4A90-8980-FDE5A229009B} - System32\Tasks\HPCeeScheduleForGary => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C64F727C-BAB8-4E57-9153-39C7D1836F6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {E4221453-1D78-4904-B49A-A191C6F63CB0} - System32\Tasks\HPCeeScheduleForORGAN168$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F5D4E40B-A344-46A3-87FF-EC359EFEC02B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000Core.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536182980-2452873588-134899528-1000UA.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGary.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForORGAN168$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files (x86)\RegWork\RegWork.exe

==================== Loaded Modules (whitelisted) =============

2011-05-03 13:07 - 2011-05-03 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-27 20:05 - 2011-04-27 20:05 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-10-16 12:33 - 2014-10-16 12:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-12-30 03:33 - 2011-04-30 03:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-25 10:43 - 2014-09-25 10:43 - 00081056 _____ () C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-09-25 10:43 - 2014-09-25 10:43 - 00081056 _____ () C:\Users\Gary\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-05 10:38 - 2014-11-05 10:38 - 00043008 _____ () c:\users\gary\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpao_mfz.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Gary\AppData\Roaming\Dropbox\bin\libcef.dll
2010-07-13 03:28 - 2010-07-13 03:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 03:13 - 2010-07-13 03:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 03:15 - 2010-07-13 03:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 03:22 - 2010-07-13 03:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 23:23 - 2010-04-02 23:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 03:16 - 2010-07-13 03:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 03:22 - 2010-07-13 03:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 03:26 - 2010-07-13 03:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 03:15 - 2010-07-13 03:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 03:25 - 2010-07-13 03:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 03:25 - 2010-07-13 03:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 03:25 - 2010-07-13 03:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 22:44 - 2010-04-02 22:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 03:29 - 2010-07-13 03:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 03:10 - 2010-07-13 03:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
2014-04-16 10:00 - 2014-11-05 10:38 - 00046080 _____ () C:\Users\Gary\AppData\Local\Apps\2.0\3YBO7WJR.OO0\YN87R2WN.8K1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-07-15 09:03 - 2014-07-15 09:03 - 00541696 _____ () C:\Users\Gary\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2011-04-27 20:05 - 2011-04-27 20:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-05 10:37 - 2014-11-05 10:37 - 00098816 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32api.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00110080 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\pywintypes27.dll
2014-11-05 10:37 - 2014-11-05 10:37 - 00364544 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\pythoncom27.dll
2014-11-05 10:37 - 2014-11-05 10:37 - 00045568 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_socket.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 01160704 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_ssl.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00320512 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32com.shell.shell.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00713216 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_hashlib.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 01175040 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._core_.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00805888 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._gdi_.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00811008 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._windows_.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 01062400 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._controls_.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00735232 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._misc_.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00128512 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_elementtree.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00127488 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\pyexpat.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00557056 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\pysqlite2._sqlite.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00087552 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_ctypes.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00119808 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32file.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00108544 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32security.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00007168 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\hashobjs_ext.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00167936 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32gui.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00018432 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32event.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00038912 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32inet.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00011264 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32crypt.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00070656 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._html2.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00027136 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\_multiprocessing.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00035840 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32process.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00686080 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\unicodedata.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00122368 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._wizard.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00024064 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32pipe.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00025600 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32pdh.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00525640 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\windows._lib_cacheinvalidation.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00010240 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\select.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00017408 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32profile.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00022528 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32ts.pyd
2014-11-05 10:37 - 2014-11-05 10:37 - 00078336 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1536182980-2452873588-134899528-500 - Administrator - Disabled)
Gary (S-1-5-21-1536182980-2452873588-134899528-1000 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-1536182980-2452873588-134899528-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1536182980-2452873588-134899528-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Ralink RT5390 802.11b/g/n WiFi Adapter
Description: Ralink RT5390 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 07:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e80

Start Time: 01cffd3f5a5141ba

Termination Time: 69

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 7ca1ba6d-6936-11e4-aafc-101f74b9f913

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5585

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5585

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4431

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4431

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3370

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3370

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/10/2014 09:46:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RoxioNow Service service.

Error: (11/05/2014 03:20:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tencent AddressBar Update Service service failed to start due to the following error:
%%2

Error: (11/05/2014 03:04:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB2965788).

Error: (11/05/2014 03:04:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2923545).

Error: (11/05/2014 03:02:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB2984981).

Error: (11/04/2014 10:20:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (11/04/2014 07:26:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (11/10/2014 07:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftwareUpdate.exe2.1.3.1272e8001cffd3f5a5141ba69C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe7ca1ba6d-6936-11e4-aafc-101f74b9f913

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5585

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5585

Error: (11/10/2014 06:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4431

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4431

Error: (11/10/2014 06:15:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3370

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3370

Error: (11/10/2014 06:15:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3893.86 MB
Available physical RAM: 1635.52 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5086.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.99 GB) (Free:498.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.88 GB) (Free:1.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 69E282F4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is Gary a Chinese speaker ?

Also did he install these programmes :

QvodPlayer
letvlive
BaiduPlayer


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-11-10 19:07 - 2011-10-26 19:14 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-11-10 18:09 - 2013-10-10 15:11 - 00000000 ____D () C:\Users\Gary\AppData\Local\1267DAD7-F9D0-4E49-AE0B-D9F21815E04D.aplzod
Task: {A3086F8A-EE88-4583-BC00-BAB17E151A42} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe [2013-06-05] (Tuneup System Software Pvt Ltd.) <==== ATTENTION
C:\Program Files\REGSERVO
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
C:\Users\Gary\AppData\Local\Temp\_MEI24602
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#5
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Gary is a Chinese speaker. He may have installed those things.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Gary at 2014-11-11 19:12:23 Run:1
Running from C:\Users\Gary\Desktop
Loaded Profile: Gary (Available profiles: Gary)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-11-10 19:07 - 2011-10-26 19:14 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-11-10 18:09 - 2013-10-10 15:11 - 00000000 ____D () C:\Users\Gary\AppData\Local\1267DAD7-F9D0-4E49-AE0B-D9F21815E04D.aplzod
Task: {A3086F8A-EE88-4583-BC00-BAB17E151A42} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\RegSERVO.exe [2013-06-05] (Tuneup System Software Pvt Ltd.) <==== ATTENTION
C:\Program Files\REGSERVO
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
C:\Users\Gary\AppData\Local\Temp\_MEI24602
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"C:\ProgramData\QvodPlayer" directory move:

C:\ProgramData\QvodPlayer\Agent.ini => Moved successfully.
C:\ProgramData\QvodPlayer\MediaConn.ini => Moved successfully.
C:\ProgramData\QvodPlayer\QvodCfg.ini => Moved successfully.
C:\ProgramData\QvodPlayer\QvodDown.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodNote.ini => Moved successfully.
C:\ProgramData\QvodPlayer\QvodPlayer.xml => Moved successfully.
C:\ProgramData\QvodPlayer\QvodSetupUpdate5.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodSetupUpdate5_20140820.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodSetupUpdate5_20140825.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodSetupUpdate5_20141011.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodSetupUpdate5_5.20.238.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20120117.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20120613.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20120615.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.2012093000.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20121016.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20121111.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20121128.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20121220.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20121221.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130108.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130207.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130605.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130613.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130906.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20130918.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20131220.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20140121.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20140313.exe => Moved successfully.
C:\ProgramData\QvodPlayer\QvodUpdate5.20140419.exe => Moved successfully.
Could not move "C:\ProgramData\QvodPlayer\TaskCfg.db" => Scheduled to move on reboot.
C:\ProgramData\QvodPlayer\Tip\20130911b.swf => Moved successfully.
C:\ProgramData\QvodPlayer\Tip\QvodTips.xml => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__Media_[www.qvodk.com]杀手欧阳盆栽DVD中字.rmvb.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__Media_[www.qvodk.com]杀手欧阳盆栽DVD中字.rmvb.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__Media_亲密敌人.TS抢先国语中字.rmvb.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__Media_亲密敌人.TS抢先国语中字.rmvb.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodDown.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodDown.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20140820.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20140820.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20140825.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20140825.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20141011.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_20141011.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_5.20.238.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodSetupUpdate5_5.20.238.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120117.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120117.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120613.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120613.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120615.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20120615.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.2012093000.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.2012093000.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121016.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121016.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121111.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121111.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121128.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121128.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121220.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121220.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121221.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20121221.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130108.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130108.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130207.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130207.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130605.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130605.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130613.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130613.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130906.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130906.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130918.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20130918.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20131220.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20131220.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140121.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140121.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140313.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140313.exe.torrent => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140419.exe.mem => Moved successfully.
C:\ProgramData\QvodPlayer\Data\C__ProgramData_QvodPlayer_QvodUpdate5.20140419.exe.torrent => Moved successfully.
Could not move "C:\ProgramData\QvodPlayer" directory. => Scheduled to move on reboot.

C:\Users\Gary\AppData\Local\1267DAD7-F9D0-4E49-AE0B-D9F21815E04D.aplzod => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3086F8A-EE88-4583-BC00-BAB17E151A42}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3086F8A-EE88-4583-BC00-BAB17E151A42}" => Key deleted successfully.
C:\Windows\System32\Tasks\REGSERVO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGSERVO" => Key deleted successfully.
C:\Program Files\REGSERVO => Moved successfully.
C:\Windows\Tasks\REGSERVO.job => Moved successfully.

"C:\Users\Gary\AppData\Local\Temp\_MEI24602" directory move:

C:\Users\Gary\AppData\Local\Temp\_MEI24602\hashobjs_ext.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\pyexpat.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\pysqlite2._sqlite.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\python27.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\pythoncom27.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\PyWinTypes27.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\select.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\unicodedata.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32api.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32com.shell.shell.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32crypt.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32event.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32file.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32gui.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32inet.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32pdh.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32pipe.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32process.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32profile.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32security.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\win32ts.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\windows._lib_cacheinvalidation.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._animate.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._controls_.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._core_.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._gdi_.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._html2.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._misc_.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._windows_.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wx._wizard.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxbase294u_net_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxbase294u_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxmsw294u_adv_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxmsw294u_core_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxmsw294u_html_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\wxmsw294u_webview_vc90.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_ctypes.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_elementtree.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_hashlib.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_multiprocessing.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_socket.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\_ssl.pyd => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\resources\fonts\OpenSans-Light.ttf => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\resources\fonts\Roboto-Bold.ttf => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\resources\fonts\Roboto-Regular.ttf => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602\resources\fonts\Roboto-Thin.ttf => Moved successfully.
Could not move "C:\Users\Gary\AppData\Local\Temp\_MEI24602" directory. => Scheduled to move on reboot.


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{E19E8E3A-7416-4341-A7C2-D3EB643339E0} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 621.4 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-11 19:21:18)<=

C:\ProgramData\QvodPlayer\TaskCfg.db => Is moved successfully.
C:\ProgramData\QvodPlayer => Is moved successfully.
C:\Users\Gary\AppData\Local\Temp\_MEI24602 => Is moved successfully.

==== End of Fixlog ====

 

# AdwCleaner v4.101 - Report created 11/11/2014 at 19:28:23
# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gary - ORGAN168
# Running from : C:\Users\Gary\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v

[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=101&sr=0&q={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=360&amp;chn=retail&amp;geo=US&amp;ver=6&gct=sb&qsrc=2869
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7394821B-02C2-4D6E-8D2E-316AA5A0C306&apn_sauid=5FB147E8-2B88-45CA-B10F-EBE0E73E6173
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7394821B-02C2-4D6E-8D2E-316AA5A0C306&apn_sauid=5FB147E8-2B88-45CA-B10F-EBE0E73E6173
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN39368070433345793&ctid=CT3292715&UM=2
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN39368070433345793&ctid=CT3292715&UM=2
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=6sbQNjtA_zh7x.CNjzHsjw&ind=2011101011&ptnrS=ZNman000&si=&n=77def753&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNman000&ptb=6sbQNjtA_zh7x.CNjzHsjw&ind=2011101011&ptnrS=ZNman000&si=&n=77def753&psa=&st=sb&searchfor={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11111&tm=239&src=ds&p={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={135F20C8-630A-4558-A05B-F3BDD8B0CB7D}&mid=8b607211f80942f79378d1f6a101ecf8-2483a5a24b8309145a98bf3f32044d9069891fb4&lang=en&ds=dw011&pr=&d=2012-07-21 09:25:07&v=12.1.0.20&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [26495 octets] - [04/11/2014 06:32:16]
AdwCleaner[R1].txt - [4654 octets] - [11/11/2014 19:26:13]
AdwCleaner[S0].txt - [26144 octets] - [04/11/2014 06:38:48]
AdwCleaner[S1].txt - [4611 octets] - [11/11/2014 19:28:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4671 octets] ##########
 

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-11 19:56:06
-----------------------------
19:56:06.036    OS Version: Windows x64 6.1.7601 Service Pack 1
19:56:06.036    Number of processors: 4 586 0x2505
19:56:06.037    ComputerName: ORGAN168  UserName: Gary
19:56:09.270    Initialize success
19:56:09.485    VM: initialized successfully
19:56:09.486    VM: Intel CPU BiosDisabled
19:57:57.234    AVAST engine defs: 14111104
19:58:36.313    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:58:36.317    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
19:58:36.439    Disk 0 MBR read successfully
19:58:36.446    Disk 0 MBR scan
19:58:36.454    Disk 0 Windows 7 default MBR code
19:58:36.461    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
19:58:36.470    Disk 0 default boot code
19:58:36.488    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       595959 MB offset 409600
19:58:36.518    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14217 MB offset 1220933632
19:58:36.542    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
19:58:36.702    Disk 0 scanning C:\Windows\system32\drivers
19:58:47.995    Service scanning
19:58:51.178    Service BHDrvx64 C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\BASHDefs\20141107.001\BHDrvx64.sys **LOCKED** 5
19:58:54.288    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
19:58:54.757    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
19:58:58.853    Service IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\IPSDefs\20141111.001\IDSvia64.sys **LOCKED** 5
19:59:04.055    Service NAVENG C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141111.002\ENG64.SYS **LOCKED** 5
19:59:04.355    Service NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\21.0.0.100\Definitions\VirusDefs\20141111.002\EX64.SYS **LOCKED** 5
19:59:20.710    Modules scanning
19:59:20.724    Disk 0 trace - called modules:
19:59:20.751    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:59:20.764    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005256060]
19:59:20.776    3 CLASSPNP.SYS[fffff8800147543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd9050]
19:59:23.653    AVAST engine scan C:\Windows
19:59:28.754    AVAST engine scan C:\Windows\system32
20:04:20.422    AVAST engine scan C:\Windows\system32\drivers
20:04:56.499    AVAST engine scan C:\Users\Gary
20:13:42.035    AVAST engine scan C:\ProgramData
20:24:01.203    Disk 0 statistics 4899735/0/0 @ 2.02 MB/s
20:24:01.219    Scan finished successfully
20:59:24.749    Disk 0 MBR has been saved successfully to "C:\Users\Gary\Desktop\MBR.dat"
20:59:24.760    The log file has been saved successfully to "C:\Users\Gary\Desktop\aswMBR.txt"

Thank you again.


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer running now, are you experiencing any problems ?
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP