
PC under heavy attack [Solved]


  • This topic is locked

#1
4MRM

  • Member
  • 20 posts

For the last few days, my PC has been under attack. I ran some various malware removal programs and it caught several issues. I thought it was fixed, but it was not. When logged in to one of the accounts, the hard drive stays pegged, the screen saver never kicks on, and a random "internet explorer has stopped working" will flash up. Just as I was typing this, my Norton virus scan caught the following trying to get into the computer:

 

  • Trojan.Powelik Activity
  • Angler Exploit Kit Website 15
  • Trojan.AdClicker Activity

 

I need help to get my computer clean.


#2
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste the log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 


#3
4MRM

  • Topic Starter
  • Member
  • 20 posts

Here's the thing. When I try to download anything under my profile, it won't let me download it. I get the box that says "your current security settings do not allow this file to download". I did download Farbar, but my virus scan flags it as a bad file and removes it. It won't let me run it. I get that whether I'm logged in as me or as the administrator.

 

I should also add that I have several of the Google Chrome exe's running on the task manager. I uninstalled Chrome and still have those.


Edited by 4MRM, 12 November 2014 - 08:59 AM.

#4
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

No problem. I'll put instructions together for you. Do you happen to have a USB/Thumb drive that we could utilize if need be?

 

Also do you have another computer (besides the infected one) that you could use to download tools if need be?


#5
4MRM

  • Topic Starter
  • Member
  • 20 posts

Yes to both. As soon as I tried to run the Farbar program from a thumb drive, my virus scan flagged it and removed it from the thumb drive. It did that even when I was logged in as the administrator. I have Norton and tried to find somewhere to turn it off, but haven't found where to do that.

 

As a side note, I do not have those issues with pegging the drive and incoming attacks when I am logged in as administrator or under my wife's account on the computer.


#6
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

It's not likely your AV is removing the files. Last question so I can prepare instructions for you. Do you happen to know what operating system your machine is? (i.e. Win8, Win7, Win Vista, Win XP)


#7
4MRM

  • Topic Starter
  • Member
  • 20 posts

It is Windows 7.


#8
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

OK, I have a plan. Let's first try to disable your Norton AV and see if you can download the FRST file mentioned in my previous post and run a scan.

 

You should be able to disable Norton Auto-Protect and the Smart Firewall by right-clicking on the Norton icon in the taskbar (by your system time) and selecting to disable each of these for the period of time that you wish.

 

Let me know the results and we'll go from there. Thanks.


#9
4MRM

  • Topic Starter
  • Member
  • 20 posts

Disabling the AV worked. Here are the text files.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Owner (administrator) on DESKTOP on 12-11-2014 12:55:37
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Kim & Michael2 & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Acronis) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\omgolld.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362488 2010-06-07] (Acronis)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Run: [uywtdidl] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}\uywtdidl.dll" <===== ATTENTION
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: {476004d4-edba-11e1-a566-446d5756518c} - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk
ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...ll/en/side.html
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {65619AC8-EB2A-4F1B-9D78-7659E69E1AD1} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {65619AC8-EB2A-4F1B-9D78-7659E69E1AD1} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default
FF Homepage: hxxp://www.comcast.net/home.html
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: vShare - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\Extensions\[email protected] [2010-12-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 Automatic LiveUpdate Scheduler; C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141111.034\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141111.034\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-16] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-11] ()
S0x01000000 papycpu2; \SystemRoot\System32\DRIVERS\papycpu2.sys [X]
S0x01000000 papyjoy; \SystemRoot\System32\DRIVERS\papyjoy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 12:55 - 2014-11-12 12:56 - 00024054 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-12 12:55 - 2014-11-12 12:55 - 00000000 ____D () C:\FRST
2014-11-12 12:55 - 2014-11-12 12:53 - 02116096 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-11-12 09:40 - 2014-11-12 09:40 - 00000000 ____D () C:\Users\Michael2\AppData\Roaming\NVIDIA
2014-11-12 09:40 - 2014-11-12 09:40 - 00000000 ____D () C:\Users\Michael2\AppData\Roaming\Hewlett-Packard
2014-11-12 09:40 - 2014-10-05 11:18 - 00000636 _____ () C:\Users\Michael2\Desktop\Minecraft.exe - Shortcut.lnk
2014-11-12 09:37 - 2014-11-12 08:37 - 04759277 _____ () C:\Users\Michael2\Desktop\launcher.jar
2014-11-12 09:36 - 2014-11-12 09:36 - 00000020 ___SH () C:\Users\Michael2\ntuser.ini
2014-11-12 09:36 - 2014-11-12 09:36 - 00000000 ____D () C:\Users\Michael2\Documents\Bluetooth Exchange Folder
2014-11-12 09:36 - 2014-11-12 09:36 - 00000000 ____D () C:\Users\Michael2\AppData\Local\TouchSmartData
2014-11-12 09:36 - 2014-11-12 09:36 - 00000000 ____D () C:\Users\Michael2\AppData\Local\Broadcom
2014-11-12 09:34 - 2014-11-12 09:40 - 00000000 ____D () C:\Users\Michael2\AppData\Roaming\.minecraft
2014-11-12 09:27 - 2014-11-12 09:27 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5DFD6118-3845-4952-9A80-B154B9265C70}
2014-11-12 09:26 - 2014-11-12 09:36 - 00000000 ____D () C:\Users\Michael2
2014-11-12 09:26 - 2012-09-28 19:17 - 00002049 _____ () C:\Users\Michael2\Desktop\Cyberlink PowerDirector.lnk
2014-11-12 09:26 - 2012-09-28 19:17 - 00000000 ____D () C:\Users\Michael2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberlink PowerDirector
2014-11-12 09:26 - 2012-05-17 14:31 - 00000000 ____D () C:\Users\Michael2\AppData\Roaming\Macromedia
2014-11-12 09:26 - 2012-05-17 14:20 - 00000000 ____D () C:\Users\Michael2\AppData\Local\Hewlett-Packard
2014-11-12 09:26 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Michael2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 09:26 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Michael2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 09:14 - 2014-11-12 09:14 - 00001894 _____ () C:\Users\Owner\Desktop\AdwCleaner[S1].txt
2014-11-12 09:06 - 2014-11-12 08:59 - 02140160 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-11-12 08:54 - 2014-11-12 08:54 - 00021986 _____ () C:\Users\Owner\Desktop\11122014_084827.log
2014-11-12 08:48 - 2014-11-12 08:48 - 00000000 ____D () C:\_OTL
2014-11-12 08:47 - 2014-11-12 08:45 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-11-11 18:45 - 2014-11-11 18:45 - 05598118 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-11-11 18:45 - 2014-11-11 18:45 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\TFC.exe
2014-11-11 18:44 - 2014-11-11 18:44 - 00000000 _____ () C:\Users\Administrator\Desktop\FRST.exe.qkf92zg.partial
2014-11-11 18:43 - 2014-11-11 18:43 - 01706808 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-11-11 18:23 - 2014-11-11 18:23 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-11 18:23 - 2014-11-11 18:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-11 18:22 - 2014-11-11 18:22 - 00001858 _____ () C:\Users\Administrator\Desktop\AdwCleaner[S0].txt
2014-11-11 18:16 - 2014-11-12 09:11 - 00000000 ____D () C:\AdwCleaner
2014-11-11 18:14 - 2014-11-11 18:14 - 00083892 _____ () C:\Users\Administrator\Desktop\Extras.Txt
2014-11-11 18:13 - 2014-11-11 18:16 - 00125868 _____ () C:\Users\Administrator\Desktop\OTL.Txt
2014-11-11 18:13 - 2014-11-11 18:13 - 14672984 _____ () C:\Users\Administrator\Desktop\RogueKiller.exe
2014-11-11 18:13 - 2014-11-11 18:13 - 02140160 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-11-11 18:05 - 2014-11-11 18:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2014-11-11 18:04 - 2014-11-11 18:04 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-11-11 18:03 - 2014-11-11 18:03 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-11-11 18:03 - 2014-11-11 18:03 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-11-11 18:03 - 2014-11-11 18:03 - 00000000 ____D () C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2014-11-11 18:03 - 2014-11-11 18:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Broadcom
2014-11-11 18:02 - 2014-11-11 18:12 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1CD095B-7F58-42B7-8AC5-22592C79C9FA}
2014-11-11 18:02 - 2014-11-11 18:02 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 18:02 - 2014-11-11 18:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-11-11 18:02 - 2014-11-11 18:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TouchSmartData
2014-11-11 18:01 - 2014-11-11 18:02 - 00000000 ____D () C:\Users\Administrator
2014-11-11 18:01 - 2014-11-11 18:01 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-11-11 18:01 - 2014-11-11 18:01 - 00000000 _____ () C:\Users\Owner\net
2014-11-11 18:01 - 2012-09-28 19:17 - 00002049 _____ () C:\Users\Administrator\Desktop\Cyberlink PowerDirector.lnk
2014-11-11 18:01 - 2012-09-28 19:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberlink PowerDirector
2014-11-11 18:01 - 2012-05-17 14:31 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-11-11 18:01 - 2012-05-17 14:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Hewlett-Packard
2014-11-11 18:01 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-11 18:01 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-11 17:48 - 2014-11-11 17:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D4120177-A982-4288-BF2E-A5B00808978A}
2014-11-10 18:05 - 2014-11-10 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3F658E4D-1485-4ABE-AE76-729E34E274D5}
2014-11-09 21:36 - 2014-11-09 21:36 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-09 21:36 - 2014-11-09 21:36 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-09 21:36 - 2014-11-09 21:36 - 00000824 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-11-09 21:36 - 2014-11-09 21:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EurekaLab s.a.s
2014-11-09 21:36 - 2014-11-09 21:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 21:30 - 2014-11-10 19:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-09 21:10 - 2014-11-09 21:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 20:37 - 2014-11-09 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 20:36 - 2014-11-09 20:36 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 19:51 - 2013-09-09 21:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-11-09 11:43 - 2014-11-09 11:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\{97691D80-D897-446F-BFFA-4EFA1D65BFAF}
2014-11-09 07:12 - 2014-11-09 07:12 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-11-09 07:12 - 2014-11-09 07:12 - 00001409 _____ () C:\Windows\QTFont.for
2014-11-08 21:54 - 2014-11-08 21:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E198A45A-786E-455B-9F73-EEBE9DB6B089}
2014-11-07 11:33 - 2014-11-07 11:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\{2141A49A-9E35-47A1-851E-1733BD58F51E}
2014-11-05 22:28 - 2014-11-05 22:28 - 00003860 _____ () C:\Windows\System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17}
2014-11-05 22:28 - 2014-11-05 22:28 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 _____ () C:\Windows\system32\jghzak.dll
2014-11-05 21:31 - 2014-11-05 21:32 - 00000000 ____D () C:\Users\Kim\AppData\Local\{A01BAF2A-0C15-49E7-B92A-D78AACB8BB09}
2014-11-04 12:14 - 2014-11-04 12:15 - 00000000 ____D () C:\Users\Kim\AppData\Local\{CEA1D549-A593-47C5-9B84-EBD6E1AE95E8}
2014-11-03 22:13 - 2014-11-03 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0D834D86-506F-40F9-A26D-4FCEFB3BD44E}
2014-11-02 12:23 - 2014-11-02 12:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{5CC63EA1-E6CB-4B2D-B6D5-AF7B8833D5A9}
2014-11-01 11:38 - 2014-11-01 11:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{E0654785-8AB6-406A-985E-DA374895341A}
2014-11-01 11:21 - 2014-11-01 11:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4770C446-96A2-44D5-BC8A-555679F6E610}
2014-10-29 18:33 - 2014-10-29 18:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4B351570-AB27-4E32-AB1D-79B659FB0923}
2014-10-29 17:51 - 2014-10-29 17:51 - 00000000 ____D () C:\Users\Kim\AppData\Local\{5DDDA557-C6BA-4D2F-B59D-31515A88F6F8}
2014-10-28 16:52 - 2014-10-28 16:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D592530-9D83-41E8-BCC3-69DB573A9E90}
2014-10-27 19:56 - 2014-10-27 19:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9462FF60-37FC-44C5-B5F3-C5BBBC76BBDA}
2014-10-26 20:58 - 2014-10-26 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0ECC6AB-7D37-4498-BEFC-1EE8F063D99B}
2014-10-26 08:57 - 2014-10-26 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{077422B7-99C9-4A3D-829D-61DE8AB60277}
2014-10-25 17:53 - 2014-10-25 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{378B1B26-F0AF-4482-8DDC-978BC0E4E524}
2014-10-22 15:13 - 2014-11-09 19:12 - 00000000 ____D () C:\Program Files (x86)\My Little Investigations
2014-10-19 08:50 - 2014-10-19 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{985D561A-22E5-4E92-9C64-C4FF6906FAFB}
2014-10-15 19:05 - 2014-10-15 19:05 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-10-15 06:51 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 06:51 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 06:51 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 06:51 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 06:51 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 06:51 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 06:51 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 06:51 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 06:51 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 06:51 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 06:51 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 06:51 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 06:51 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 06:51 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 06:51 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 06:51 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 06:51 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 06:51 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 06:51 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 06:51 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 06:51 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 06:51 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 06:51 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 06:51 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 06:51 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 06:51 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 06:51 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 06:51 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:51 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 06:51 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 06:51 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:51 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 06:51 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 06:51 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 06:51 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 06:51 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 06:51 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 06:51 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 06:51 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 06:51 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 06:51 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 06:51 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 06:51 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 06:51 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 06:51 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 06:51 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 06:51 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 06:51 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:51 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 06:51 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 06:51 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 06:51 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 06:51 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 06:51 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 06:51 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 06:51 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 06:51 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 06:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 06:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 06:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 06:51 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 06:51 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 06:51 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 06:51 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 06:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 06:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 06:51 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 06:51 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 06:51 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 06:51 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 06:51 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 06:51 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 06:51 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 06:51 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 06:51 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 06:50 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 06:50 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 06:50 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 06:50 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 06:50 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 06:50 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 06:50 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 06:50 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 06:50 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 06:50 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 06:50 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 06:50 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 06:50 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 06:50 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 06:50 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 06:50 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 06:50 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 06:50 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 06:50 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 06:50 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 06:33 - 2014-10-15 06:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FAC51A51-AF27-4D65-B0D2-4F57A6949055}
2014-10-14 11:24 - 2014-10-14 11:24 - 00000000 ____D () C:\Users\Kim\AppData\Local\{C2918F44-E485-4C66-AF1A-7A87F917F8C2}
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{9D184A2D-6CDB-419F-8821-36D498BF925C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 12:51 - 2012-08-20 17:22 - 01885461 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 12:01 - 2012-08-20 18:36 - 00000256 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-11-12 09:27 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-12 09:24 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 09:24 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 09:18 - 2009-07-14 00:13 - 00006506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 09:14 - 2012-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-12 09:13 - 2010-11-20 22:47 - 01586596 _____ () C:\Windows\PFRO.log
2014-11-12 09:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 09:13 - 2009-07-13 23:51 - 00004475 _____ () C:\Windows\setupact.log
2014-11-12 08:40 - 2012-08-20 17:29 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6CD30E9-FF4C-468A-9F67-38C15221429D}
2014-11-12 08:39 - 2014-10-05 11:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-11-12 08:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 21:13 - 2012-11-10 07:13 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForKim.job
2014-11-11 18:37 - 2012-08-25 13:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-11-11 18:01 - 2012-08-20 17:22 - 00000000 ____D () C:\Users\Owner
2014-11-10 19:33 - 2013-03-11 21:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-11-10 19:33 - 2013-03-11 21:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-09 22:34 - 2013-03-11 21:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 22:34 - 2013-03-11 21:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 21:37 - 2013-03-11 21:35 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-09 21:37 - 2013-03-11 21:35 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-09 21:04 - 2012-05-17 14:31 - 00000000 ____D () C:\Windows\PRIndex
2014-11-09 11:46 - 2014-02-22 23:18 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-11-09 09:02 - 2012-09-04 20:55 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-11-09 09:02 - 2012-09-04 20:55 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-11-08 19:46 - 2012-10-25 18:20 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{50146BE8-6A67-4DA1-BC4B-1D77760F6E40}
2014-11-08 11:05 - 2014-09-13 09:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}
2014-11-07 13:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-05 15:13 - 2012-11-10 07:13 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKim
2014-11-05 09:02 - 2013-01-22 21:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-05 09:02 - 2012-08-28 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-28 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 18:23 - 2009-07-13 23:45 - 05446336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 17:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 19:00 - 2009-09-30 20:35 - 00000000 ____D () C:\Pictures 2004
2014-10-15 19:05 - 2014-03-16 12:18 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-15 19:05 - 2014-03-16 12:18 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-10-15 19:05 - 2014-03-16 12:18 - 00002442 _____ () C:\ProgramData\Desktop\Norton Security Suite.lnk
2014-10-15 19:05 - 2014-03-16 12:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-15 19:05 - 2014-03-16 12:17 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 07:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Owner at 2014-11-12 12:56:53
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acronis True Image WD Edition (HKLM-x32\...\{A7D5787B-3A91-4433-A753-CFE520671683}) (Version: 13.0.14010 - Acronis)
Adobe Acrobat 6.0 Professional (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.0 - NIKON CORPORATION)
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dirt Track Racing (HKLM-x32\...\Dirt Track Racing) (Version:  - )
Dirt Track Racing 2 (HKLM-x32\...\{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FTP Commander (HKLM-x32\...\FTP Commander) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Invoices & Estimates (HKLM-x32\...\{40343BCD-282E-40B7-A3F1-0D1333F697FD}) (Version:  - )
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NASCAR® Racing 2003 Season (HKLM-x32\...\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}) (Version:  - Sierra Entertainment)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.00.0000 - CyberLink Corp.)
PowerDirector (x32 Version: 6.00.0000 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickTime (HKLM-x32\...\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}) (Version: 7.1 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.1 - Apple Computer, Inc.) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.19 - AMD)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.3.0 - SmartSound Software Inc) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Stamps.com Internet Postage (HKLM-x32\...\Stamps.com Internet Postage) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.4 - Nikon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zenfolio Uploader (HKLM\...\zfupload) (Version:  - Zenfolio, Inc.)
Zenfolio Uploader (HKLM-x32\...\zfupload) (Version:  - Zenfolio, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-872580572-3677183479-2035353063-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

10-11-2014 02:20:56 Checkpoint by HitmanPro
10-11-2014 02:22:12 Checkpoint by HitmanPro
12-11-2014 13:48:46 OTL Restore Point - 11/12/2014 8:48:39 AM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-12 08:49 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B2A6404-AC97-442F-ACA5-03BC16BD4BA4} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {172871E9-B922-42C5-9A35-582536A1240D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {262DEC0F-05D7-4E94-BD05-EC0B6D37CB54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2A2CECEF-F091-4920-89FE-0FB2D5E3030E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {2E353A09-F437-4A16-9A4D-41D803B969E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E880781-5C5D-402E-A80E-AD3CEF024F9C} - System32\Tasks\{4CF4E158-2FCE-4D15-B824-31F2117BCDB3} => C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
Task: {359596BB-6392-4EA6-84F9-FB75FF7D64A6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {393F71BA-B7AA-4385-8951-01860404E830} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {426866FE-C830-4AF7-91B7-60F2090A0C82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {55267EC8-D097-4175-BB7E-17CDCA123D07} - System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17} => C:\Windows\system32\xkrcuql.dll/s "C:\Windows\system32\xkrcuql.dll"
Task: {642D53A0-EF89-4A63-969F-D5FA5EDBB3BD} - System32\Tasks\AdobeAAMUpdater-1.0-Desktop-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {6EAF03BF-91C6-4A97-A002-6CAC3EEF0115} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {86319F98-23F6-4660-93B0-07A3FFBACB54} - System32\Tasks\{F9F364F3-DBA9-4B59-86EC-D2154ADA8B90} => C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
Task: {8A2BAA42-7B1E-4D21-AB86-127AFC77EB66} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {96298E7A-0192-4D56-B208-50D7F199FD61} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9676027F-CCD8-445B-BFCF-E91070D5D468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {ACF25503-AF73-4069-8853-7D3B910EC18E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {CC43DB83-B570-4553-940F-2583530D480A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {CD0F969F-C924-483C-9DA9-66D3D29BE3BD} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E76C6FBA-11EF-4483-ABE5-B2FDC60DFD56} - System32\Tasks\{F1984D05-75FB-4B39-878C-3B7F4D7EF5E5} => C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
Task: {E8CD74BC-4D0B-4EEC-8FFF-40F58ABFF9C0} - System32\Tasks\HPCeeScheduleForKim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EA3FF327-C8AB-4F77-A70B-F86BF7C5E7C0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {FA6A40F6-291D-40B2-BFA1-461B8711B424} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {FBAC394F-3C36-46BB-9CA7-47D245385CB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18S4817C05PJ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {FD6B3F4F-FE22-4A6A-8721-14432D33ACEA} - System32\Tasks\{BBDED8C2-C739-40F0-A447-DB18AF89176D} => C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-09-28 19:18 - 2007-01-09 09:25 - 00272024 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2011-06-08 16:57 - 2011-06-08 16:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-05-17 14:13 - 2012-12-29 03:40 - 00087480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-22 16:48 - 2011-07-22 16:48 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 00279040 _____ () C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}\uywtdidl.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 00718152 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\libglesv2.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 00126280 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\libegl.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 08537928 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\pdf.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 00353096 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 01732936 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\ffmpegsumo.dll
2014-11-08 11:05 - 2014-11-08 11:05 - 14669128 _____ () C:\Users\Owner\AppData\LocalLow\Zenfolio\gswifkkh\Bxrajoskow\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-872580572-3677183479-2035353063-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-872580572-3677183479-2035353063-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-872580572-3677183479-2035353063-1002 - Limited - Enabled)
Kim (S-1-5-21-872580572-3677183479-2035353063-1003 - Administrator - Enabled) => C:\Users\Kim
Michael2 (S-1-5-21-872580572-3677183479-2035353063-1005 - Administrator - Enabled) => C:\Users\Michael2
Owner (S-1-5-21-872580572-3677183479-2035353063-1000 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-872580572-3677183479-2035353063-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 09:31:06 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at LifeCenter.CommonControls.RestoreData.RestoreDataFileIfNotExist(StrFileType File)

System errors:
=============
Error: (11/12/2014 00:54:59 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (11/12/2014 10:28:19 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/12/2014 09:57:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (11/12/2014 09:55:16 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (11/12/2014 09:26:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/12/2014 09:26:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (11/12/2014 09:26:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 09:18:42 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (11/12/2014 09:18:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (11/12/2014 09:18:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================
Error: (11/12/2014 09:31:06 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at LifeCenter.CommonControls.RestoreData.RestoreDataFileIfNotExist(StrFileType File)

CodeIntegrity Errors:
===================================
  Date: 2012-12-17 19:02:44.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX™-6120 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 10005.44 MB
Available physical RAM: 7334.04 MB
Total Pagefile: 20009.05 MB
Available Pagefile: 16589.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1845.27 GB) (Free:1214.29 GB) NTFS
Drive z: (Local Disk) (Fixed) (Total:298.09 GB) (Free:121.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: D5DC0E6B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1845.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: 12C635EB)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10
BrianDrab


I see you've run a lot of tools to try and rectify the issue yourself. Please refrain from running any more tools while I'm working with you. Some of the tools that were run shouldn't be run without a helper's direction. This will make cleaning your machine easier. Thank you.

 

Let's get started.

 

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here. These programs are either outdated and will be updated later or of bad reputation. If you do want to keep any of these I suggest that you re-install them only after we have declared your machine clean.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

Catalina Savings Printer
Java 7 Update
Spot
Tap Tap Bear
Zenfolio Uploader

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

  

 

Items for your next post

1. FRST Fix log




#11
4MRM


I don't see the Catalina Savings Printer listed in my programs list. Should I proceed with the next step or is there a way I can find it to uninstall it?



#12
BrianDrab


Go ahead and continue. Just note any other ones that you don't find or have problems uninstalling and let me know. Thanks.



#13
4MRM


That one was the only program. Here is the log.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Owner at 2014-11-13 18:50:21 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & Administrator (Available profiles: Owner & Kim & Michael2 & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
cmd: tskill omgolld.exe /A
cmd: tskill dllhost.exe /A
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Run: [uywtdidl] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}\uywtdidl.dll" <===== ATTENTION
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: {476004d4-edba-11e1-a566-446d5756518c} - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
FF Extension: vShare - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\Extensions\[email protected] [2010-12-13]
2014-11-11 17:48 - 2014-11-11 17:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D4120177-A982-4288-BF2E-A5B00808978A}
2014-11-10 18:05 - 2014-11-10 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3F658E4D-1485-4ABE-AE76-729E34E274D5}
2014-11-09 11:43 - 2014-11-09 11:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\{97691D80-D897-446F-BFFA-4EFA1D65BFAF}
2014-11-08 21:54 - 2014-11-08 21:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E198A45A-786E-455B-9F73-EEBE9DB6B089}
2014-11-07 11:33 - 2014-11-07 11:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\{2141A49A-9E35-47A1-851E-1733BD58F51E}
2014-11-05 22:28 - 2014-11-05 22:28 - 00003860 _____ () C:\Windows\System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17}
2014-11-05 22:28 - 2014-11-05 22:28 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 _____ () C:\Windows\system32\jghzak.dll
2014-11-05 21:31 - 2014-11-05 21:32 - 00000000 ____D () C:\Users\Kim\AppData\Local\{A01BAF2A-0C15-49E7-B92A-D78AACB8BB09}
2014-11-04 12:14 - 2014-11-04 12:15 - 00000000 ____D () C:\Users\Kim\AppData\Local\{CEA1D549-A593-47C5-9B84-EBD6E1AE95E8}
2014-11-03 22:13 - 2014-11-03 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0D834D86-506F-40F9-A26D-4FCEFB3BD44E}
2014-11-02 12:23 - 2014-11-02 12:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{5CC63EA1-E6CB-4B2D-B6D5-AF7B8833D5A9}
2014-11-01 11:38 - 2014-11-01 11:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{E0654785-8AB6-406A-985E-DA374895341A}
2014-11-01 11:21 - 2014-11-01 11:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4770C446-96A2-44D5-BC8A-555679F6E610}
2014-10-29 18:33 - 2014-10-29 18:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4B351570-AB27-4E32-AB1D-79B659FB0923}
2014-10-29 17:51 - 2014-10-29 17:51 - 00000000 ____D () C:\Users\Kim\AppData\Local\{5DDDA557-C6BA-4D2F-B59D-31515A88F6F8}
2014-10-28 16:52 - 2014-10-28 16:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D592530-9D83-41E8-BCC3-69DB573A9E90}
2014-10-27 19:56 - 2014-10-27 19:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9462FF60-37FC-44C5-B5F3-C5BBBC76BBDA}
2014-10-26 20:58 - 2014-10-26 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0ECC6AB-7D37-4498-BEFC-1EE8F063D99B}
2014-10-26 08:57 - 2014-10-26 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{077422B7-99C9-4A3D-829D-61DE8AB60277}
2014-10-25 17:53 - 2014-10-25 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{378B1B26-F0AF-4482-8DDC-978BC0E4E524}
2014-10-19 08:50 - 2014-10-19 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{985D561A-22E5-4E92-9C64-C4FF6906FAFB}
2014-10-15 06:33 - 2014-10-15 06:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FAC51A51-AF27-4D65-B0D2-4F57A6949055}
2014-10-14 11:24 - 2014-10-14 11:24 - 00000000 ____D () C:\Users\Kim\AppData\Local\{C2918F44-E485-4C66-AF1A-7A87F917F8C2}
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{9D184A2D-6CDB-419F-8821-36D498BF925C}
CustomCLSID: HKU\S-1-5-21-872580572-3677183479-2035353063-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {55267EC8-D097-4175-BB7E-17CDCA123D07} - System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17} => C:\Windows\system32\xkrcuql.dll/s "C:\Windows\system32\xkrcuql.dll"
C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}
C:\Users\Owner\AppData\LocalLow\Zenfolio
cmd: type C:\Users\Owner\Desktop\AdwCleaner[S1].txt
cmd: type C:\Users\Administrator\Desktop\AdwCleaner[S0].txt
cmd: type C:\Users\Owner\Desktop\11122014_084827.log
EmptyTemp:

 
*****************

Processes closed successfully.

=========  tskill omgolld.exe /A =========

'tskill' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

=========  tskill dllhost.exe /A =========

'tskill' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uywtdidl => Value not found.
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value deleted successfully.
"HKU\S-1-5-21-872580572-3677183479-2035353063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-872580572-3677183479-2035353063-1000" => Key not found.
"HKU\S-1-5-21-872580572-3677183479-2035353063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{476004d4-edba-11e1-a566-446d5756518c}" => Key deleted successfully.
"HKCR\CLSID\{476004d4-edba-11e1-a566-446d5756518c}" => Key not found.
"HKU\S-1-5-21-872580572-3677183479-2035353063-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-872580572-3677183479-2035353063-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Error deleting key. The key could be protected.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{62AEFF80-16AD-4AC4-B812-E70EB5F37301}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{62AEFF80-16AD-4AC4-B812-E70EB5F37301}" => Key not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\Extensions\[email protected] => Moved successfully.
C:\Users\Owner\AppData\Local\{D4120177-A982-4288-BF2E-A5B00808978A} => Moved successfully.
C:\Users\Owner\AppData\Local\{3F658E4D-1485-4ABE-AE76-729E34E274D5} => Moved successfully.
C:\Users\Owner\AppData\Local\{97691D80-D897-446F-BFFA-4EFA1D65BFAF} => Moved successfully.
C:\Users\Owner\AppData\Local\{E198A45A-786E-455B-9F73-EEBE9DB6B089} => Moved successfully.
C:\Users\Kim\AppData\Local\{2141A49A-9E35-47A1-851E-1733BD58F51E} => Moved successfully.
C:\Windows\System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17} => Moved successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\jghzak.dll => Moved successfully.
C:\Users\Kim\AppData\Local\{A01BAF2A-0C15-49E7-B92A-D78AACB8BB09} => Moved successfully.
C:\Users\Kim\AppData\Local\{CEA1D549-A593-47C5-9B84-EBD6E1AE95E8} => Moved successfully.
C:\Users\Owner\AppData\Local\{0D834D86-506F-40F9-A26D-4FCEFB3BD44E} => Moved successfully.
C:\Users\Owner\AppData\Local\{5CC63EA1-E6CB-4B2D-B6D5-AF7B8833D5A9} => Moved successfully.
C:\Users\Kim\AppData\Local\{E0654785-8AB6-406A-985E-DA374895341A} => Moved successfully.
C:\Users\Owner\AppData\Local\{4770C446-96A2-44D5-BC8A-555679F6E610} => Moved successfully.
C:\Users\Owner\AppData\Local\{4B351570-AB27-4E32-AB1D-79B659FB0923} => Moved successfully.
C:\Users\Kim\AppData\Local\{5DDDA557-C6BA-4D2F-B59D-31515A88F6F8} => Moved successfully.
C:\Users\Owner\AppData\Local\{1D592530-9D83-41E8-BCC3-69DB573A9E90} => Moved successfully.
C:\Users\Owner\AppData\Local\{9462FF60-37FC-44C5-B5F3-C5BBBC76BBDA} => Moved successfully.
C:\Users\Owner\AppData\Local\{C0ECC6AB-7D37-4498-BEFC-1EE8F063D99B} => Moved successfully.
C:\Users\Owner\AppData\Local\{077422B7-99C9-4A3D-829D-61DE8AB60277} => Moved successfully.
C:\Users\Owner\AppData\Local\{378B1B26-F0AF-4482-8DDC-978BC0E4E524} => Moved successfully.
C:\Users\Owner\AppData\Local\{985D561A-22E5-4E92-9C64-C4FF6906FAFB} => Moved successfully.
C:\Users\Owner\AppData\Local\{FAC51A51-AF27-4D65-B0D2-4F57A6949055} => Moved successfully.
C:\Users\Kim\AppData\Local\{C2918F44-E485-4C66-AF1A-7A87F917F8C2} => Moved successfully.
C:\Users\Kim\AppData\Local\{9D184A2D-6CDB-419F-8821-36D498BF925C} => Moved successfully.
"HKU\S-1-5-21-872580572-3677183479-2035353063-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55267EC8-D097-4175-BB7E-17CDCA123D07}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55267EC8-D097-4175-BB7E-17CDCA123D07}" => Key not found.
C:\Windows\System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17}" => Key not found.
C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335} => Moved successfully.
C:\Users\Owner\AppData\LocalLow\Zenfolio => Moved successfully.

=========  type C:\Users\Owner\Desktop\AdwCleaner[S1].txt =========

# AdwCleaner v4.101 - Report created 12/11/2014 at 09:11:46
# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - DESKTOP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v

[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016[...]
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("[email protected]", false);
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("vshareus.install.date", "1300406400000");
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("vshareus.install.finished", "1.0.0");
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("vshareus.install.guid", "{68a64726-546b-475c-b863-3e37795c21b1}");
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("vshareus.install.laststatreq", "1305244800000");
[fpd5yyrg.default\prefs.js] - Line Deleted : user_pref("vshareus.install.overlayVersion", 1);

*************************

AdwCleaner[R0].txt - [1997 octets] - [11/11/2014 18:16:25]
AdwCleaner[R1].txt - [1754 octets] - [12/11/2014 09:09:06]
AdwCleaner[S0].txt - [1858 octets] - [11/11/2014 18:19:41]
AdwCleaner[S1].txt - [1754 octets] - [12/11/2014 09:11:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1814 octets] ##########

========= End of CMD: =========

=========  type C:\Users\Administrator\Desktop\AdwCleaner[S0].txt =========

# AdwCleaner v4.101 - Report created 11/11/2014 at 18:19:41
# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - DESKTOP
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [1997 octets] - [11/11/2014 18:16:25]
AdwCleaner[S0].txt - [1690 octets] - [11/11/2014 18:19:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1750 octets] ##########

========= End of CMD: =========

=========  type C:\Users\Owner\Desktop\11122014_084827.log =========

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named Web Assistant Updater was found to stop!
Service\Driver key Web Assistant Updater not found.
File C:\Program Files\Web Assistant\ExtensionUpdaterService.exe not found.
Error: No service named yewimmxqbs64 was found to stop!
Service\Driver key yewimmxqbs64 not found.
File C:\Program Files\002\yewimmxqbs64.exe not found.
Error: No service named TBSrv was found to stop!
Service\Driver key TBSrv not found.
File C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe not found.
Error: No service named {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 was found to stop!
Service\Driver key {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 not found.
File C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60C81A18-51F6-47F2-B06C-33F9A627B0CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60C81A18-51F6-47F2-B06C-33F9A627B0CD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7B84228-7B83-4247-B10B-655843FEA48E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B84228-7B83-4247-B10B-655843FEA48E}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9E3331-D360-4f87-8803-52DE43566502}\ not found.
File C:\Program Files\Web Assistant\Firefox not found.
Folder C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]\ not found.
Folder C:\Users\Phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61a83e16-7198-49c6-8874-3e4e8faeb4f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a83e16-7198-49c6-8874-3e4e8faeb4f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
File C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61a83e16-7198-49c6-8874-3e4e8faeb4f3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a83e16-7198-49c6-8874-3e4e8faeb4f3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ not found.
File C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f897eb0e-a3a4-46c3-80eb-2729699d8892} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61A83E16-7198-49C6-8874-3E4E8FAEB4F3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A83E16-7198-49C6-8874-3E4E8FAEB4F3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Otgpuozkwdji not found.
File C:\Users\Phoebe\AppData\Local\Broadcom\Otgpuozkwdji.dll not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8ebdb9948842.job not found.
File C:\Users\Phoebe\AppData\Local\funmoods-speeddial.crx not found.
File C:\Users\Phoebe\AppData\Local\funmoods.crx not found.
Folder C:\Users\Phoebe\AppData\Roaming\newnext.me\ not found.
Folder C:\Users\Phoebe\AppData\Roaming\OpenCandy\ not found.
Folder C:\Users\Phoebe\AppData\Roaming\Systweak\ not found.
========== FILES ==========
File\Folder C:\Users\Phoebe\AppData\LocalLow\Apple Computer not found.
File\Folder C:\Program Files (x86)\Tbccint not found.
File\Folder C:\Program Files\002 not found.
File\Folder C:\Program Files (x86)\Funmoods not found.
File\Folder C:\Program Files (x86)\VisualBee_V.5 not found.
File\Folder C:\Users\Phoebe\AppData\Local\Broadcom not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 60082 bytes
->Temporary Internet Files folder emptied: 6565686 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Kim
->Temp folder emptied: 64358 bytes
->Temporary Internet Files folder emptied: 9147911 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 654 bytes
 
User: Owner
->Temp folder emptied: 23533182 bytes
->Temporary Internet Files folder emptied: 33043755 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 654 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74346 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 11823687762 bytes
 
Total Files Cleaned = 11,345.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11122014_084827

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\344921-google-chrome-multiple-tnulqtoeexe-32-processes-cpu-usage-issue[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\push[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\push[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\push[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\push[4].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIKF9334\zrt_lookup[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P8ZQZLUO\ads[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P8ZQZLUO\container[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M9RKBX7\20269[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M9RKBX7\v1[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\hsperfdata_DESKTOP$\2092 moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

========= End of CMD: =========

EmptyTemp: => Removed 402.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


  • 0

#14
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, things are looking good. Please follow the steps below.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#2 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. AswMBR log
2. FRST and Addition logs

3. How is your machine doing?


  • 0

#15
4MRM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Does it normally take a while for the aswMBR to run? It has seemed to have locked up on me a couple of times. It's running now (drive is pegged), but sitting at the same point.


  • 0





