Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

google chrome multiple tnulqtoe.exe *32 processes cpu usage issue [Sol

Started by phoebe_s78 , Nov 10 2014 10:19 PM
google chrome virus tnulqtoe.exe *32 .exe problems cpu usage malware

  • This topic is locked This topic is locked

#1
phoebe_s78
Posted 10 November 2014 - 10:19 PM

phoebe_s78

    Member

  • Member
  • PipPip
  • 50 posts
I feel like I've tried everything at this point. I'm not tech savy or anything, but I've been able to uninstall a few pesky programs here and there.  Unfortunately this one seems beyond me.
 
The other day I was watching some episode on vodlocker (I've never had a problem with this site in all the time I've been using it) and soon after my CPU usage was going crazy high (it still is and hasn't really stopped since yesterday. It will go down briefly but shoot back up soon after). I didn't really notice it until later that night, when the CPU usage wouldn't go down. I looked at my task manager and my processes and there were several programs running under the name of tnulqtoe.exe *32. I looked it up and I couldn't find anything on it. I ran a virus scan and it didn't pick it up. The few times I've managed to delete it (by quickly ending the process and going to the file location to delete it), it popped up again right after I restarted my computer- like it never left. The number of these applications shoots up and down- from as little as to around 5-20+. It's super frustrating. Google Chrome reads as its publisher and it's labeled as an application in its properties. But in the description where the process shows, it does say google chrome.
 
I've checked the extensions, cleaned out my browser history and cookies. I went even as far as uninstalling google chrome to see what would happen to the application. It was still running despite my uninstalling google chrome. I checked to see if I installed a program- it's not there. I've made sure that I have no background applications running on chrome. Still, nothing has happened. And again- super, super frustrating. 
 
The file is also located under my user name/app data/LocalLow/apple computer/ptiepmgjdo/siawesft in my C drive. There are other folders in there as well, but tnulqtoe.exe *32 itself is in this location, and it even has a google chrome icon (I don't know if that's relevant). I also tried to look and see if I could do a system restore, move it back a day or two but for some reason that feature is now blocked on my computer, even though it wasn’t before (could this program be blocking it? There's another user on my laptop, my dad actually, and he was also blocked on the system restore and he wasn't previously).
 
I would really appreciate any help, I’m at my wits end. If you need any pictures, let me know!
 
Also, the quick scan on OTL took almost an hour. I'm not sure if that's normal, but I want to cover all my bases.
 
I'm not really sure what my problem is, but people have come onto this site with something seemingly similar and you guys have helped them out and I really need help. Thanks!
 
OTL Log:
 
OTL logfile created on: 11/10/2014 9:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Phoebe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 44.23% Memory free
11.90 Gb Paging File | 8.18 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 674.42 Gb Total Space | 437.44 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
Drive D: | 20.06 Gb Total Space | 2.17 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.10% Space Free | Partition Type: FAT32
 
Computer Name: SOSA-HP | User Name: Phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/10 21:12:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phoebe\Downloads\OTL.scr
PRC - [2014/11/10 19:09:35 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
PRC - [2014/10/23 20:40:10 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
PRC - [2014/10/21 20:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/22 14:47:32 | 000,741,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/09/17 16:42:08 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/07/25 11:29:36 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/03/31 05:39:36 | 000,350,528 | ---- | M] (ClientConnect Ltd.) -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Users\Phoebe\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/09/30 14:42:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Phoebe\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/29 15:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 15:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 16:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/10/07 18:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/28 15:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/19 05:44:30 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/08/19 05:44:12 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/08/19 05:43:46 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/01 13:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 19:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/13 17:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/10 19:09:35 | 014,669,128 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/11/10 19:09:35 | 008,537,928 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll
MOD - [2014/11/10 19:09:35 | 000,353,096 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/11/10 19:09:34 | 001,732,936 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/11/10 19:09:34 | 000,718,152 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll
MOD - [2014/11/10 19:09:34 | 000,126,280 | ---- | M] () -- C:\Users\Phoebe\AppData\LocalLow\Apple Computer\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/09/12 19:49:18 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/14 15:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Phoebe\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2014/09/18 17:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/24 14:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/20 09:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 09:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/12 15:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/05/27 23:46:46 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\002\yewimmxqbs64.exe -- (yewimmxqbs64)
SRV:64bit: - [2014/04/25 17:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/05/10 13:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012/01/26 13:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/12/11 23:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/09/20 11:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/09/08 05:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/26 00:07:35 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/31 05:39:36 | 000,350,528 | ---- | M] (ClientConnect Ltd.) [Auto | Running] -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe -- (TBSrv)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/08/31 21:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/08/19 05:44:30 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/01 13:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/27 05:39:00 | 000,061,072 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64)
DRV:64bit: - [2014/07/24 13:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 13:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/06/20 09:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 09:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 09:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 09:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 09:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 09:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/09/23 12:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 00:34:36 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/10/29 19:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/29 19:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/20 17:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 17:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/20 17:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 17:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 17:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 17:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 17:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/09/08 05:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 11:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/26 11:54:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/26 11:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/23 21:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1209738023
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{542A7E09-619A-4B1F-8647-1F824BED7769}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {166A6956-F5AD-4686-BCAA-536FC0762DB8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1209738023
IE - HKLM\..\SearchScopes\{21B73716-2367-6F2E-F523-1C155B742676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{542A7E09-619A-4B1F-8647-1F824BED7769}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://mystart.smile...om?a=6R8veaFiJR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-468
IE - HKCU\..\SearchScopes,DefaultScope = {81688365-E288-4C27-9097-59514EDD828B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{166A6956-F5AD-4686-BCAA-536FC0762DB8}: "URL" = http://search.condui...&ctid=CT3061355
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{542A7E09-619A-4B1F-8647-1F824BED7769}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{56436357-748F-4246-923C-B2B4712C6082}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{60C81A18-51F6-47F2-B06C-33F9A627B0CD}: "URL" = http://search.condui...4631994630&UM=2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-468: "URL" = http://start.funmood...C&cr=1209738023
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{81688365-E288-4C27-9097-59514EDD828B}: "URL" = https://search.yahoo...p={SearchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{C7B84228-7B83-4247-B10B-655843FEA48E}: "URL" = http://astromenda.co...r=447651281&ir=
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smile...DS&a=6R8veaFiJR
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Phoebe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/10/01 23:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/07/19 20:43:03 | 000,000,000 | ---D | M]
 
[2014/05/28 00:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/20 21:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/20 21:17:48 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/07/20 21:17:56 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
[2013/12/26 15:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmpbeckibaikflbnegjemaegnpbgjol\1.1_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (VisualBee V.5 Toolbar) - {61a83e16-7198-49c6-8874-3e4e8faeb4f3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (VisualBee V.5 Toolbar) - {61a83e16-7198-49c6-8874-3e4e8faeb4f3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (VisualBee V.5 Toolbar) - {61A83E16-7198-49C6-8874-3E4E8FAEB4F3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3:HKU - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Users\Phoebe\AppData\LocalLow\SmileBox_EN\prxtbSmi2.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [DelayShred] c:\Program Files\McAfee\MQS\ShrCL.exe ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-3520 Series" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\Phoebe\AppData\Local\Broadcom\Otgpuozkwdji.dll (Borland Software Corporation)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Phoebe\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Phoebe\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B40E102-644D-429B-83C5-1FD56F8894F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742EBBB9-3122-4007-A57F-C96F17D9E842}: DhcpNameServer = 10.50.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/10 20:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/11/10 20:18:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phoebe\Desktop\OTL.exe
[2014/11/10 20:01:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/10 15:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/28 15:18:32 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\Phoebe\AppData\Roaming\JomCap.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/10 21:06:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/10 20:49:41 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003UA.job
[2014/11/10 20:45:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/10 20:44:04 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 20:44:04 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 20:28:04 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/10 20:28:04 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/10 20:28:03 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/10 20:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/10 20:21:33 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/10 20:18:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phoebe\Desktop\OTL.exe
[2014/11/10 19:07:54 | 000,002,279 | ---- | M] () -- C:\Users\Phoebe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/10 15:33:30 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/10 15:24:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhoebe.job
[2014/11/08 23:49:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003Core.job
[2014/11/02 13:59:54 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Phoebe.job
[2014/10/23 20:40:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8ebdb9948842.job
[2014/10/15 18:11:06 | 000,342,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/10 15:33:30 | 000,002,279 | ---- | C] () -- C:\Users\Phoebe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/10 15:33:30 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/10 15:07:39 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPhoebe.job
[2014/02/24 22:37:21 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/11 15:14:27 | 000,007,605 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\Resmon.ResmonCfg
[2013/12/26 13:53:53 | 004,581,376 | ---- | C] () -- C:\Program Files (x86)\GS_x64.Enabler
[2013/07/27 18:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/07/27 18:20:46 | 000,000,045 | ---- | C] () -- C:\Windows\WF-3520.ini
[2012/09/30 14:31:21 | 000,000,288 | ---- | C] () -- C:\Users\Phoebe\AppData\Roaming\.backup.dm
[2012/07/20 21:18:06 | 000,384,844 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\funmoods-speeddial.crx
[2012/07/20 21:18:01 | 000,031,465 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\funmoods.crx
[2012/04/30 20:10:39 | 000,001,234 | RHS- | C] () -- C:\Users\Phoebe\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/07 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Auslogics
[2014/01/02 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Epson
[2014/02/24 02:39:55 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\newnext.me
[2014/05/21 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\OpenCandy
[2014/05/27 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Origin
[2014/04/03 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\OverDrive
[2013/07/28 22:42:03 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\SanDisk
[2012/09/30 14:42:59 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\SanDisk SecureAccess
[2014/01/17 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Smilebox
[2012/04/30 20:11:29 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Synaptics
[2014/08/27 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Systweak
[2014/08/22 00:32:18 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\uTorrent
[2014/01/02 14:59:43 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
OTL Txt Extras:
 

OTL Extras logfile created on: 11/10/2014 9:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Phoebe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 44.23% Memory free
11.90 Gb Paging File | 8.18 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 674.42 Gb Total Space | 437.44 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
Drive D: | 20.06 Gb Total Space | 2.17 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.10% Space Free | Partition Type: FAT32
 
Computer Name: SOSA-HP | User Name: Phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 1
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 1
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON WF-3520 Series" = EPSON WF-3520 Series Printer Uninstall
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel® Identity Protection Technology 1.2.22.0
"{3A3A3B34-6EA2-4031-8580-D66D29533E89}" = Download Navigator
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass PE 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7326DA0C-C09B-491C-81FF-6DA12B2256BB}" = OverDrive Media Console
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.10) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
"{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}" = Software Updater
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}" = Epson E-Web Print
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Aleks 3.18" = Aleks 3.18
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"funmoods" = Funmoods Web Search
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"MSC" = McAfee AntiVirus Plus
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"SmileBox_EN Toolbar" = SmileBox EN Toolbar
"VIP Access SDK" = VIP Access SDK (1.0.1.2) 
"VisualBee_V.5 Toolbar" = VisualBee V.5 Toolbar
"VLC media player" = VLC media player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-0fb78b17-33dd-4f01-921f-e7b582e57496" = Bejeweled 3
"WTA-1294232e-5d53-4dda-9c85-dc96e30f5f0b" = Chuzzle Deluxe
"WTA-23929246-54a7-4aa2-8d95-c5e1943f4097" = Farmscapes
"WTA-2deee181-8954-4c86-ba12-318ead1cc2e7" = Zuma's Revenge
"WTA-37dd1031-c97c-4c44-856e-2007cf8cdb53" = Torchlight
"WTA-3906e7a5-9705-49d0-a1dd-5addf4915de2" = Hoyle Card Games
"WTA-40d4eb6c-a47e-4faf-b345-decff69d0baa" = Mah Jong Medley
"WTA-43922a3d-4fc6-4b7e-bcb4-c0e91794aa2e" = Farm Frenzy
"WTA-48ca0b6a-88e4-4a82-bff9-1bbb4434ddda" = John Deere Drive Green
"WTA-70bdb47a-bfb3-4f7a-a7ad-3f2da8f52362" = RollerCoaster Tycoon 3: Platinum
"WTA-7f1420b0-c542-4fe2-91d9-2fecad0e1e93" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-86414a45-e649-4e73-9b6c-1f7708f270e7" = The Treasures of Mystery Island: The Ghost Ship
"WTA-91a83c29-1945-4e45-bb19-020d73d2cc53" = Virtual Villagers 4 - The Tree of Life
"WTA-94ab8d8a-33b3-4f5c-9948-3dbda2b40fd0" = Dora's World Adventure
"WTA-96556fdd-b466-4caa-8054-981f9047f2c9" = Polar Bowler
"WTA-a17f5b3e-82a4-42c2-8972-46ba7d3d019a" = Plants vs. Zombies - Game of the Year
"WTA-aef240cc-6248-4a38-b6c2-24e6297240ba" = Final Drive Fury
"WTA-af026e11-5bad-45a9-a519-774518dcc195" = Letters from Nowhere 2
"WTA-b0e5cd09-8b67-4262-b34d-6b2af29328d2" = Poker Superstars III
"WTA-bd059a34-8d14-4e7e-9d83-4f278e077763" = Luxor HD
"WTA-cf50aa26-b1f0-42c0-9195-f024a7e11b29" = Cradle of Rome 2
"WTA-de03069c-7636-4b58-acb6-a993eaaf1f81" = Blackhawk Striker 2
"WTA-e707aeec-d578-4e4a-82bd-49a73f2e6c3f" = FATE
"WTA-f0c6e8f5-dba3-445d-9d69-675a85b0c58e" = Polar Golfer
"WTA-f55141d6-84e4-4f71-8f8e-a1d36c425ff2" = Penguins!
"WTA-ff971db7-0a8b-449f-86b5-075eb5288d97" = Jewel Match 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Smilebox" = Smilebox
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/10/2014 6:17:06 PM | Computer Name = Sosa-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-3271068997-377926614-2661869332-1003\$R2W8XMH.exe".
Dependent
 Assembly 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143" could
 not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/10/2014 6:55:12 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/10/2014 7:01:09 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/10/2014 7:25:21 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/10/2014 7:30:00 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/10/2014 11:07:55 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/10/2014 11:14:02 PM | Computer Name = Sosa-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-3271068997-377926614-2661869332-1003\$R5OTWXS.exe".
Dependent
 Assembly 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143" could
 not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/10/2014 11:24:26 PM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/11/2014 12:05:28 AM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/11/2014 12:22:03 AM | Computer Name = Sosa-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/11/2014 1:10:48 AM | Computer Name = Sosa-HP | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: fb0    Start Time:
 01cffd6a5b7ca2c0    Termination Time: 282    Application Path: C:\Users\Phoebe\Desktop\OTL.exe
 
Report
 Id: 150ce010-6961-11e4-9439-7ce9d3f90fa5  
 
[ Hewlett-Packard Events ]
Error - 9/30/2014 11:44:52 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
Error - 10/7/2014 8:58:20 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 40  TargetSite: Void Throw(System.Exception)  
 
Error - 10/7/2014 8:58:22 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 40  TargetSite: Void Throw(System.Exception)  
 
Error - 10/14/2014 8:18:53 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 40  TargetSite: Void Throw(System.Exception)  
 
Error - 10/14/2014 8:18:59 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization:   TargetSite: Void Throw(System.Exception)  
 
Error - 10/21/2014 6:12:49 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
Error - 10/21/2014 6:12:57 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
Error - 10/28/2014 8:19:38 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
Error - 10/28/2014 8:19:40 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000HPSF.exe   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
Error - 11/4/2014 9:52:39 PM | Computer Name = Sosa-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146232000   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Root element is missing.  StackTrace:   at System.Xml.XmlTextReaderImpl.Throw(Exception
 e)     at System.Xml.XmlTextReaderImpl.ParseDocumentContent()     at System.Xml.XmlLoader.Load(XmlDocument
 doc, XmlReader reader, Boolean preserveWhitespace)     at System.Xml.XmlDocument.Load(XmlReader
 reader)     at System.Xml.XmlDocument.Load(String filename)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: System.Xml    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091
Ram
 Utilization: 30  TargetSite: Void Throw(System.Exception)  
 
[ HP Software Framework Events ]
Error - 4/25/2012 4:05:37 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/04/25 13:05:37.282|00000B0C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 4/30/2012 11:53:42 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/04/30 20:53:42.507|000017E8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/1/2012 7:59:27 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/01 16:59:27.024|00001478|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/1/2012 8:03:12 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/01 17:03:12.936|00001A90|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/1/2012 8:03:14 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/01 17:03:14.237|00001A98|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/1/2012 8:03:17 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/01 17:03:17.489|00001B7C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/8/2012 10:29:46 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/08 19:29:46.392|00001BC4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/15/2012 10:01:48 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/15 19:01:48.074|0000197C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/15/2012 10:03:13 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/15 19:03:13.995|00000834|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/15/2012 10:03:17 PM | Computer Name = Sosa-HP | Source = CaslWmi | ID = 5
Description = 2012/05/15 19:03:17.487|00001A30|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 11/11/2014 12:45:29 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 11/11/2014 12:45:36 AM | Computer Name = Sosa-HP | Source = PNRPSvc | ID = 102
Description = 
 
Error - 11/11/2014 12:45:36 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 11/11/2014 12:45:36 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 11/11/2014 12:45:46 AM | Computer Name = Sosa-HP | Source = PNRPSvc | ID = 102
Description = 
 
Error - 11/11/2014 12:45:48 AM | Computer Name = Sosa-HP | Source = PNRPSvc | ID = 102
Description = 
 
Error - 11/11/2014 12:45:47 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 11/11/2014 12:45:47 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 11/11/2014 12:45:48 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 11/11/2014 12:45:48 AM | Computer Name = Sosa-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
 
< End of report >
 

Edited by phoebe_s78, 11 November 2014 - 01:00 AM.

  • 0

Advertisements

#2
Essexboy
Posted 11 November 2014 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can sort this out for you :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2014/05/27 23:46:46 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\002\yewimmxqbs64.exe -- (yewimmxqbs64)
SRV - [2014/03/31 05:39:36 | 000,350,528 | ---- | M] (ClientConnect Ltd.) [Auto | Running] -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe -- (TBSrv)
DRV:64bit: - [2014/08/27 05:39:00 | 000,061,072 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1209738023
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {166A6956-F5AD-4686-BCAA-536FC0762DB8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...C&cr=1209738023
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-468
IE - HKCU\..\SearchScopes,DefaultScope = {81688365-E288-4C27-9097-59514EDD828B}
IE - HKCU\..\SearchScopes\{60C81A18-51F6-47F2-B06C-33F9A627B0CD}: "URL" = http://search.condui...4631994630&UM=2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-468: "URL" = http://start.funmood...C&cr=1209738023
IE - HKCU\..\SearchScopes\{C7B84228-7B83-4247-B10B-655843FEA48E}: "URL" = http://astromenda.co...r=447651281&ir=
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Web Assistant\Firefox
[2012/07/20 21:17:48 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/07/20 21:17:56 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
O2 - BHO: (VisualBee V.5 Toolbar) - {61a83e16-7198-49c6-8874-3e4e8faeb4f3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3 - HKLM\..\Toolbar: (VisualBee V.5 Toolbar) - {61a83e16-7198-49c6-8874-3e4e8faeb4f3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (VisualBee V.5 Toolbar) - {61A83E16-7198-49C6-8874-3E4E8FAEB4F3} - C:\Program Files (x86)\VisualBee_V.5\prxtbVisu.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmi0.dll File not found
O3:HKU - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Users\Phoebe\AppData\LocalLow\SmileBox_EN\prxtbSmi2.dll File not found
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\Phoebe\AppData\Local\Broadcom\Otgpuozkwdji.dll (Borland Software Corporation)
[2014/10/23 20:40:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8ebdb9948842.job
[2012/07/20 21:18:06 | 000,384,844 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\funmoods-speeddial.crx
[2012/07/20 21:18:01 | 000,031,465 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\funmoods.crx
[2014/02/24 02:39:55 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\newnext.me
[2014/05/21 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\OpenCandy
[2014/08/27 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Systweak

:Files
C:\Users\Phoebe\AppData\LocalLow\Apple Computer
C:\Program Files (x86)\Tbccint
C:\Program Files\002
C:\Program Files (x86)\Funmoods
C:\Program Files (x86)\VisualBee_V.5
C:\Users\Phoebe\AppData\Local\Broadcom

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
    [
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
phoebe_s78
Posted 11 November 2014 - 07:45 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Ahhhhhhh!!! It seems to have worked seriously THANK YOU SO MUCH I WAS SO DONE WITH TRYING TO FIX IT I WAS ABOUT TO GIVE UP. 

 

You guys are seriously LIFE SAVERS THANK YOU!!!!  :D

 

Here's the info you asked for:

 

AdwCleaner log:

 

# AdwCleaner v4.101 - Report created 11/11/2014 at 19:25:53

# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phoebe - SOSA-HP
# Running from : C:\Users\Phoebe\Documents\Geek Forum Stuff\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Update ConstaSurf
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\GS_x64.Enabler
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\RrFilter
Folder Deleted : C:\Users\Phoebe\AppData\Local\Conduit
Folder Deleted : C:\Users\Phoebe\AppData\Local\emaze
Folder Deleted : C:\Users\Phoebe\AppData\Local\genienext
Folder Deleted : C:\Users\Phoebe\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Phoebe\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Phoebe\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Phoebe\daemonprocess.txt
File Deleted : C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ASP
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287804
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\b1.org
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_35_ch&cd=2XzuyEtN2Y1L1QzuzztD0CtCyC0EyEtByEyDyB0E0B0E0A0CtN0D0Tzu0SzyyBtDtN1L2XzutAtFtBtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0Bzz0DtAyBtG0E0CyD0CtG0E0A0B0FtGyBzy0CyBtGyDyE0FzzyD0BtA0DtD0B0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0E0A0FtA0BtBtG0E0DzzzytGyE0FyEzztGzy0D0DzztG0F0Ezz0CyB0ByE0A0FtByCtB2Q&cr=447651281&ir=
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.smilebox.com/?search={searchTerms}&loc=SB_IE_DS&a=6R8veaFiJR
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzztD0CtCyC0EyEtByEyDyB0E0B0E0A0CtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1209738023
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [17359 octets] - [11/11/2014 19:16:30]
AdwCleaner[S0].txt - [16711 octets] - [11/11/2014 19:25:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16772 octets] ##########
 
 
FRST txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Phoebe (administrator) on SOSA-HP on 11-11-2014 19:29:40
Running from C:\Users\Phoebe\Documents\Geek Forum Stuff
Loaded Profile: Phoebe (Available profiles: Sosa & Phoebe & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Smilebox, Inc.) C:\Users\Phoebe\AppData\Roaming\Smilebox\SmileboxTray.exe
(Gemalto N.V.) C:\Users\Phoebe\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-05-27] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [SmileboxTray] => C:\Users\Phoebe\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-11-19] (Smilebox, Inc.)
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Phoebe\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-09-30] (Gemalto N.V.)
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [Facebook Update] => C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-01] (Facebook Inc.)
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [128608 2013-07-31] () <===== ATTENTION
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Policies\Explorer: [NoControlPanel] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicyUsers\S-1-5-21-3271068997-377926614-2661869332-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {542A7E09-619A-4B1F-8647-1F824BED7769} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {542A7E09-619A-4B1F-8647-1F824BED7769} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3271068997-377926614-2661869332-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Phoebe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-07-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-10]
CHR Extension: (YouTube) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (SiteAdvisor) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-10]
CHR Extension: (A Crack in Time and Space) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmpbeckibaikflbnegjemaegnpbgjol [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Gmail) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-17]
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Phoebe\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2011-08-17]
CHR HKLM-x32\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Phoebe\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx [2013-08-04]
CHR HKLM-x32\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Phoebe\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2013-08-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 19:31 - 2014-11-11 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-11 19:15 - 2014-11-11 19:15 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Broadcom
2014-11-11 19:08 - 2014-11-11 19:08 - 00003513 _____ () C:\Users\Phoebe\Desktop\FRST64.lnk
2014-11-11 19:06 - 2014-11-11 19:29 - 00000000 ____D () C:\FRST
2014-11-11 19:06 - 2014-11-11 19:06 - 01107968 _____ (Farbar) C:\Users\Phoebe\Downloads\FRST.exe
2014-11-11 19:04 - 2014-11-11 19:04 - 00004941 _____ () C:\Users\Phoebe\Desktop\OTL.lnk
2014-11-11 19:03 - 2014-11-11 19:29 - 00000000 ____D () C:\Users\Phoebe\Documents\Geek Forum Stuff
2014-11-11 19:03 - 2014-11-11 19:16 - 00006649 _____ () C:\Users\Phoebe\Desktop\AdwCleaner.lnk
2014-11-11 19:02 - 2014-11-11 19:26 - 00000000 ____D () C:\AdwCleaner
2014-11-10 22:07 - 2014-11-10 22:07 - 00084740 _____ () C:\Users\Phoebe\Downloads\Extras.Txt
2014-11-10 22:01 - 2014-11-10 22:01 - 00123072 _____ () C:\Users\Phoebe\Downloads\OTL.Txt
2014-11-10 21:12 - 2014-11-10 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\Phoebe\Downloads\OTL.scr
2014-11-10 21:12 - 2014-11-10 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\Phoebe\Downloads\OTL.com
2014-11-10 20:39 - 2014-11-10 20:39 - 00000000 __SHD () C:\Users\Sosa\AppData\Local\EmieUserList
2014-11-10 20:39 - 2014-11-10 20:39 - 00000000 __SHD () C:\Users\Sosa\AppData\Local\EmieSiteList
2014-11-10 20:36 - 2014-11-10 20:36 - 00000000 _____ () C:\Users\Sosa\Sti_Trace.log
2014-11-10 20:01 - 2014-11-10 20:01 - 00000000 ____D () C:\_OTL
2014-11-10 15:33 - 2014-11-10 15:33 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-10 15:33 - 2014-11-10 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-10 15:07 - 2014-11-10 15:24 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForPhoebe.job
2014-11-10 15:07 - 2014-11-10 15:07 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhoebe
2014-11-03 20:21 - 2014-11-03 20:21 - 04722929 _____ () C:\Users\Phoebe\Downloads\Why You Should Care About Paul.pptx
2014-11-03 20:21 - 2014-11-03 20:21 - 02075752 _____ () C:\Users\Phoebe\Downloads\Paul as Letter-Writer and 1 Corinthians.pptx
2014-11-03 20:21 - 2014-11-03 20:21 - 00408947 _____ () C:\Users\Phoebe\Downloads\Galatians.pptx
2014-10-28 22:15 - 2014-10-28 22:15 - 16794369 _____ () C:\Users\Phoebe\Downloads\315L fall '14 lecture 7.pptx
2014-10-18 20:11 - 2014-10-18 20:11 - 00000261 _____ () C:\Users\Phoebe\Downloads\kmfa (1).pls
2014-10-14 23:57 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 23:57 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 23:57 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 23:57 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 23:57 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 23:57 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 23:57 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 23:57 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 23:57 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 23:57 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 23:57 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 23:57 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 23:57 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 23:57 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 23:57 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 23:57 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 23:57 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 23:57 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 23:57 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 23:57 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 23:57 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 23:57 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 23:57 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 23:57 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 23:57 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 23:57 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 23:57 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 23:57 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 23:57 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 23:57 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 23:57 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 23:57 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 23:57 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 23:57 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 23:57 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 23:57 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 23:57 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 23:57 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 23:57 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 23:57 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 23:57 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 23:57 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 23:57 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 23:57 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 23:57 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 23:57 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 23:57 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 23:57 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 23:57 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 23:57 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 23:57 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 23:57 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 23:57 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 23:57 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 23:57 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 23:57 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 23:57 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 23:57 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 23:57 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 23:57 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 23:57 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 23:57 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 23:57 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 23:57 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 23:57 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 23:57 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 23:57 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 23:57 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 23:57 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 23:57 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 23:57 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 23:57 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 23:57 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 23:57 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 23:57 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 23:57 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 23:57 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 23:57 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 23:57 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 23:57 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 23:57 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 23:57 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 23:57 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 23:56 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 23:56 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 23:56 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 23:56 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 23:56 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 23:56 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 23:56 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 23:56 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 23:56 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 23:56 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 23:56 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 23:56 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 23:56 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 23:56 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 23:56 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 23:56 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 23:56 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 23:55 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 23:55 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 23:55 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 23:55 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 23:55 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 23:55 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 23:55 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 23:55 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 23:55 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 23:55 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 23:55 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 23:55 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 19:31 - 2011-12-12 00:34 - 01163751 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 19:27 - 2014-02-24 01:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 19:27 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 19:27 - 2009-07-13 20:51 - 00177228 _____ () C:\Windows\setupact.log
2014-11-11 19:26 - 2010-11-20 19:47 - 00545888 _____ () C:\Windows\PFRO.log
2014-11-11 19:25 - 2012-04-30 20:10 - 00000000 ____D () C:\Users\Phoebe
2014-11-11 19:22 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:22 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:19 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 19:06 - 2013-12-13 19:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 18:55 - 2012-04-30 20:11 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{59C98182-FF9A-4DBE-820F-9B97B2676CAC}
2014-11-10 23:49 - 2014-07-01 22:44 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003UA.job
2014-11-10 23:49 - 2014-07-01 22:44 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003Core.job
2014-11-10 20:36 - 2013-08-31 19:45 - 00000000 ____D () C:\Users\Sosa\AppData\Local\Google
2014-11-10 20:36 - 2012-04-25 12:18 - 00001413 _____ () C:\Users\Sosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-10 20:36 - 2012-04-25 11:59 - 00000000 ____D () C:\Users\Sosa
2014-11-10 20:36 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-10 20:35 - 2012-04-30 19:59 - 00000632 __RSH () C:\Users\Sosa\ntuser.pol
2014-11-10 15:33 - 2012-04-30 20:19 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Google
2014-11-09 15:54 - 2012-05-01 16:17 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\CrashDumps
2014-11-02 13:59 - 2014-01-31 13:21 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Phoebe.job
2014-11-01 20:53 - 2012-09-05 17:47 - 00000000 ____D () C:\Users\Phoebe\Documents\School Work
2014-10-30 21:32 - 2012-04-30 19:47 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-28 20:35 - 2013-08-31 17:29 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-26 19:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 17:20 - 2009-07-13 21:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-23 20:40 - 2014-06-23 00:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8ebdb9948842
2014-10-23 20:40 - 2014-02-24 01:07 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 18:58 - 2012-05-01 18:44 - 00000000 ____D () C:\Users\Phoebe\Documents\Youcam
2014-10-15 18:11 - 2009-07-13 20:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 10:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 10:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 09:44 - 2012-04-25 12:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 09:36 - 2013-08-13 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 09:06 - 2013-02-01 23:55 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
c:\Program Files\McAfee\MQS\ShrCL.exe
 
 
Some content of TEMP:
====================
C:\Users\Phoebe\AppData\Local\Temp\Quarantine.exe
C:\Users\Phoebe\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 11:31
 
==================== End Of Log ============================
 
 
Addition txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Phoebe at 2014-11-11 19:32:17
Running from C:\Users\Phoebe\Documents\Geek Forum Stuff
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\uTorrent) (Version: 3.4.2.33023 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
AuthenTec TrueAPI (Version: 1.3.0.139 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SmileBox EN Toolbar (HKLM-x32\...\SmileBox_EN Toolbar) (Version: 6.8.9.0 - SmileBox EN)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VisualBee V.5 Toolbar (HKLM-x32\...\VisualBee_V.5 Toolbar) (Version: 6.15.0.27 - VisualBee V.5) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
31-08-2014 16:34:19 Scheduled Checkpoint
01-09-2014 02:00:15 Windows Backup
08-09-2014 02:00:26 Windows Backup
13-09-2014 02:59:54 Windows Update
15-09-2014 07:23:11 Windows Backup
22-09-2014 02:00:21 Windows Backup
27-09-2014 19:49:30 Windows Update
29-09-2014 02:00:21 Windows Backup
01-10-2014 10:00:17 Windows Update
06-10-2014 03:33:07 Windows Backup
13-10-2014 02:18:04 Windows Backup
15-10-2014 17:05:29 Windows Update
20-10-2014 17:14:16 Windows Backup
27-10-2014 02:00:15 Windows Backup
03-11-2014 03:00:14 Windows Backup
10-11-2014 03:00:56 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-11-11 19:10 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BF60090-BEFD-41F0-9865-F236499EEA37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {0F30B3FF-2933-45AA-9342-8D10C6FEC0F8} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8ebdb9948842 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {22DB821B-5EE5-4190-A921-7E9C0378582F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003UA => C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01] (Facebook Inc.)
Task: {28A9277A-C4B5-4DAB-A4EB-6A121F576B3D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {4C610D43-07BF-4000-B504-CF5E205D297B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E169123-0AF6-4D62-A1EB-58CF8ED25340} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {84DFB65F-96FD-4D5A-B575-128381C5ABBF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {856995EB-8BFF-412F-9493-B5405DB30E0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {875225AE-0111-4F8B-BBBE-77925EAFCA5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003Core1cef3efc187c360 => C:\Users\Phoebe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9211507C-57AD-4C2F-8F52-DDB317155026} - System32\Tasks\HPCeeScheduleForPhoebe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9DBA99A6-E8F7-4A35-A0C6-D0ED070F03DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {B8D15837-C222-4301-96E4-66AC3518614A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003Core => C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-01] (Facebook Inc.)
Task: {C45435BC-D40A-4075-95EB-EDD812D956E4} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-06] (Microsoft)
Task: {C86CD747-221D-4948-B613-DE679B3A7D2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E1F2FBC8-692B-4B0E-AA60-AA614DA2F291} - System32\Tasks\Norton Security Scan for Phoebe => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: {E71C4E65-F39A-49C6-A269-5950054D79F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {EECFCAF4-9F71-45B2-A99C-697EDF27A30F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {F82EFB48-49F8-46B0-99EC-744E1EBFD74D} - System32\Tasks\Auslogics\Disk Defrag\Sheduled Defragmentation => C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2012-10-10] (Auslogics)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003Core.job => C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3271068997-377926614-2661869332-1003UA.job => C:\Users\Phoebe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPhoebe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Phoebe.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-15 23:59 - 2005-03-11 23:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-08-26 11:53 - 2011-08-26 11:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-14 15:05 - 2012-02-14 15:37 - 11796096 _____ () C:\Users\Phoebe\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2009-07-13 13:03 - 2009-07-13 17:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-10-15 21:48 - 2014-10-15 21:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-12-12 00:32 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3271068997-377926614-2661869332-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3271068997-377926614-2661869332-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3271068997-377926614-2661869332-1002 - Limited - Enabled)
Phoebe (S-1-5-21-3271068997-377926614-2661869332-1003 - Administrator - Enabled) => C:\Users\Phoebe
Sosa (S-1-5-21-3271068997-377926614-2661869332-1000 - Administrator - Enabled) => C:\Users\Sosa
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Linksys Internet Gateway Device
Description: Linksys Internet Gateway Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2014 07:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Sosa-HP.local. Addr 192.168.1.143
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.121:5353    4 sosa-HP.local. Addr 192.168.1.121
 
Error: (11/11/2014 07:15:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Sosa-HP.local. Addr 192.168.1.143
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.121:5353    4 sosa-HP.local. Addr 192.168.1.121
 
Error: (11/11/2014 06:49:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 06:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
 
System errors:
=============
Error: (11/11/2014 07:28:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/11/2014 07:28:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/11/2014 07:28:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/11/2014 07:28:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/11/2014 07:28:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/11/2014 07:28:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (11/11/2014 07:28:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (11/11/2014 07:27:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/11/2014 07:27:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/11/2014 07:27:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2014 07:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Sosa-HP.local. Addr 192.168.1.143
 
Error: (11/11/2014 07:27:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.121:5353    4 sosa-HP.local. Addr 192.168.1.121
 
Error: (11/11/2014 07:15:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Sosa-HP.local. Addr 192.168.1.143
 
Error: (11/11/2014 07:14:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.121:5353    4 sosa-HP.local. Addr 192.168.1.121
 
Error: (11/11/2014 06:49:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 06:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sosa-HP.local already in use; will try Sosa-HP-2.local instead
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-03 21:57:40.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:57:25.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:31.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:09.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:08.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:08.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:07.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:06.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:05.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 21:56:05.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 6091.86 MB
Available physical RAM: 3234.76 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9376.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:674.42 GB) (Free:436.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.06 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E861ED1B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=674.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#4
Essexboy
Posted 12 November 2014 - 08:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm are you experiencing problems with your McAfee antivirus ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [128608 2013-07-31] () <===== ATTENTION
GroupPolicyUsers\S-1-5-21-3271068997-377926614-2661869332-1003\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
c:\Program Files\McAfee\MQS\ShrCL.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#5
phoebe_s78
Posted 12 November 2014 - 09:58 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I'm not sure.. It's never given me any problems, I guess but I did run a full scan when I saw that I had this issue and it didn't do anything. I guess it doesn't work then? Do you have any suggestions for any other free anti virus programs? I'd really appreciate it. And again, thanks!!  :happy: My laptop is running fine now! 

 

Also, here's the log you asked for:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Phoebe at 2014-11-12 21:46:09 Run:1
Running from C:\Users\Phoebe\Documents\Geek Forum Stuff
Loaded Profile: Phoebe (Available profiles: Sosa & Phoebe & Administrator & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [128608 2013-07-31] () <===== ATTENTION
GroupPolicyUsers\S-1-5-21-3271068997-377926614-2661869332-1003\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
c:\Program Files\McAfee\MQS\ShrCL.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-3271068997-377926614-2661869332-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DelayShred => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3271068997-377926614-2661869332-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
Could not move "c:\Program Files\McAfee\MQS\ShrCL.exe" => Scheduled to move on reboot.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{E32D1A12-717C-4C89-AA6E-388051E4C650} canceled.
{424E8003-9CB6-4869-9931-988F304F039D} canceled.
{B82945FA-F5BF-4A40-849A-3927552D8E63} canceled.
{2DDB0190-E8EC-4639-A6A9-A5034E375177} canceled.
{B20F9510-8205-42B4-AAFF-7066A5466984} canceled.
{9ECCC73C-A125-4ADE-BCE3-189856E979F0} canceled.
{819140F0-3714-47CE-85E7-67DC6FC99695} canceled.
{0E16523D-1622-4FAB-85CB-EC9917B3DBD6} canceled.
{053F65B0-4CF2-4521-A12B-0A3A8F3DC185} canceled.
{063B2F98-2ED2-41B2-87A0-03E9E70DAD6C} canceled.
{E348AFDC-E110-4E91-BBD8-8EBD15082537} canceled.
{4AB6AEB3-8BF1-4291-ADA6-F9E4B3EC35D0} canceled.
{A7C2A0DC-420B-4F2F-A6E3-749BB340E925} canceled.
{9DA9FAF7-058B-46C7-9F08-1F49C0C60546} canceled.
14 out of 14 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 729 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-12 21:48:26)<=
 
"c:\Program Files\McAfee\MQS\ShrCL.exe" => File could not move.
 
==== End of Fixlog ====

  • 0

#6
Essexboy
Posted 13 November 2014 - 08:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is just that the malware had set a restriction on McAfee which prevented it from running :

HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION

If you still have a paid licence for McAfee that is current then I would recommend that you keep it until it expires but, if you want a free one I can give you a link and installation assistance

Any further problems before I tidy up ?
  • 0

#7
phoebe_s78
Posted 13 November 2014 - 05:52 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I do actually have a question! I have a windows 7 computer and I'm an administrator but even though I'm an administrator, there are things that I'm limited to doing that I wasn't before (things like I can't turn on my system restore because the "administrator" turned it off. I barely noticed this the other day because in the past I've always been able to have access to it). How do I get my privileges back? 

 

And I'll wait for the MacAfee sub to expire, but once that's done I'd like to change it. Could you leave me a link and instructions for the future? I'd really appreciate it! 

 

Thanks! 


  • 0

#8
Essexboy
Posted 14 November 2014 - 06:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets check the services

Download Eset service repair to your desktop
Run the programme and accept the elevation request
Once it has completed it will ask for a reboot, allow it to do so  
After the reboot there will be a CC Support folder on the desktop
Open that and go to the logs folder there will be a report please post that
 
Then :

Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#9
phoebe_s78
Posted 14 November 2014 - 05:12 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Here are the logs you asked for in the order you asked:

 

Log Opened: 2014-11-14 @ 17:02:49
17:02:49 - -----------------
17:02:49 - | Begin Logging |
17:02:49 - -----------------
17:02:49 - Fix started on a WIN_7 X64 computer
17:02:49 - Prep in progress.  Please Wait.
17:02:56 - Prep complete
17:02:56 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
17:02:59 - Services Repair Complete.
17:03:01 - Reboot Initiated
 
 
Farbar Service Scanner Version: 21-07-2014
Ran by Phoebe (administrator) on 14-11-2014 at 17:07:09
Running from "C:\Users\Phoebe\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=DWORD:1
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#10
Essexboy
Posted 15 November 2014 - 04:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like system restore is the only one to fix now ..
 
Download and run this small programme http://www.tweaking....aultStartup.exe

Reboot and then try system restore
  • 0

Advertisements

#11
phoebe_s78
Posted 15 November 2014 - 01:24 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I did as you said and all of my system protection is still disabled :/


  • 0

#12
Essexboy
Posted 15 November 2014 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK manual fix time

Download the attached sysrest.reg file to your desktop
Attached File  sysrest.reg   330bytes   261 downloads

Right click the file and select merge or double click it
Accept the warning
Reboot and try system restore again
  • 0

#13
phoebe_s78
Posted 15 November 2014 - 03:25 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

That worked!! Dude you are SO AWESOME! Thanks!  :D


  • 0

#14
Essexboy
Posted 15 November 2014 - 03:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#15
phoebe_s78
Posted 15 November 2014 - 04:44 PM

phoebe_s78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Again, thank you!!! I'll definitely check in if I have any further problems! :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: google chrome, virus, tnulqtoe.exe *32, .exe problems, cpu usage, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP